Information Security Magazine

 

The Sting
by David Strom
Issue: Nov 2007

"This has been driven both by advancements in secure coding practices for server-side software and, more importantly, by the explosion of phishing and identity theft attacks," says Michael Sutton, the security evangelist for SPI Dynamics, which was recently acquired by HP. "Attackers have realized that it is easier to find a weak point when targeting employees and end users versus a hardened server, which is actively protected."

The situation is fairly depressing. There are compromised Web sites in most any subject category, according to honeynet researchers.

"Anybody accessing the Web is at risk regardless of the type of content they browse for or the way the content is accessed," write Holz and four other authors of the Honeynet Project paper Know Your Enemy: Malicious Web Servers. "Adjusting browsing behavior is not sufficient to entirely mitigate such risk. Even if a user makes it a policy to only type in URLs rather than following hyperlinks, they are still at risk from typo-squatter URLs."

Flying Across the Web
Because the honeynet server isn't a destination site for any ordinary user, security researchers say that any access recorded by the server is probably from someone up to no good. In contrast, researchers using honeyclients must discern which of the sites they visit are malicious and which are benign, since they are working from a collection of URLs whose security status is undetermined.

Honeyclients have three components:

  • An automated script-based system that drives the PC and Web browser to visit a series of URLs in the hope of finding a compromised Web server.
  • A recording program that documents changes to the PC, just like the one used on the honeynet.
  • A series of virtual machines running multiple PC and browser sessions on the same physical system. After each session is completed and any changes are recorded, the virtual machine is restarted with a clean image before trying the next URL in the sequence.

Honeyclients can uncover new forms of malware that may not be reported or publicized, giving security researchers a jump on the bad guys. This is because they look for changes to the underlying OS and browser configuration, rather than scanning for attack signatures or behavioral patterns.
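
The visit, record and reset cycle described above can be shown in a few lines of Python. This is an added example, not code from the article or from any honeyclient project; the snapshot format, the allowlist of expected changes, the paths, the URLs and the simulated visit are all constructed assumptions.

```python
# State is modelled as {file path or registry key: content hash} (assumption).
EXPECTED_PREFIXES = (  # assumed allowlist: changes that benign browsing causes
    r"c:\users\hc\appdata\local\browsercache",
)

CLEAN_IMAGE = {  # constructed baseline snapshot of the clean VM image
    r"C:\Windows\System32\drivers\etc\hosts": "h1",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run": "r1",
}

def diff_state(before, after, ignore=EXPECTED_PREFIXES):
    """Return {path: 'created' | 'modified' | 'deleted'} for unexpected changes."""
    changes = {}
    for path in sorted(before.keys() | after.keys()):
        if path.lower().startswith(ignore):
            continue  # expected side effect of normal browsing
        if path not in before:
            changes[path] = "created"
        elif path not in after:
            changes[path] = "deleted"
        elif before[path] != after[path]:
            changes[path] = "modified"
    return changes

def run_honeyclient(urls, clean_image, visit):
    """Visit each URL from a fresh copy of the clean image and record changes."""
    verdicts = {}
    for url in urls:
        state = dict(clean_image)   # stands in for restarting the VM from a clean image
        after = visit(url, state)   # stands in for the script driving the browser
        verdicts[url] = diff_state(clean_image, after)  # empty dict: nothing unexpected
    return verdicts

def simulated_visit(url, state):
    """Constructed stand-in for a real browser session inside the VM."""
    state[r"C:\Users\hc\AppData\Local\BrowserCache\f_0001"] = "c1"  # normal caching
    if url == "http://compromised.example/":
        state[r"C:\Windows\Temp\update.exe"] = "x9"                          # new file
        state[r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"] = "r2"  # autorun changed
    return state

if __name__ == "__main__":
    urls = ["http://compromised.example/", "http://benign.example/"]
    for url, changes in run_honeyclient(urls, CLEAN_IMAGE, simulated_visit).items():
        print("SUSPICIOUS" if changes else "clean", url, changes)
```

No signature is consulted anywhere: a URL is flagged only because the machine's state differs from the clean image in a way the allowlist does not explain, and the reset before each visit keeps one site's changes from being attributed to the next.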
