Home > Information Security Magazine > Features > Honeyclients bring new twist to honeypots
EMAIL THIS LICENSING & REPRINTS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Honeyclients bring new twist to honeypots
by David Strom
Issue: Nov 2007
printer-friendly
licensing & reprints
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   NEXT PAGE  >

Sweet Deal
Use honeyclient projects to help protect your organization.

Honeyclient research efforts have very practical application for IT and security managers, and can help improve browser and network security practices in everyday corporate use.

A good place to start to understand the scope of honeyclients is to download the German Honeynet Project paper Know Your Enemy: Malicious Web Servers (www.honeynet.org/papers/mws/), along with the data set of suspected URLs and description of mitigation actions you can take to try to avoid Web-based infections. The researchers offer suggestions for creating URL blacklists, what to patch and when, and choosing the right desktop browser software.

One of their recommendations is to use a browser with minimal market share. "The tests we conducted show that a simple but effective way to remove yourself as a targeted user is to use a non-mainstream application, such as Opera. Despite the existence of vulnerabilities, this browser didn't seem to be a target," say the paper's authors. Of course, one problem with picking a less-known browser is that many sites don't work well when viewed with it.

Next, IT managers need to ensure that their users' machines are running with best practices, including personal firewalls and/or host-based intrusion detection software. If you're an IE shop, upgrade to IE 7 and run users in non-administrative modes to prevent possible infections. Unlike earlier versions, IE 7 runs a separate "sandbox" by default to limit its exposure.

Finally, make sure to patch third-party applications and client software, particularly those that make up any supported browser plug-ins, viewers and other secondary pieces that are commonly used along with the main browser software.

"Everyone now should have a pretty good understanding of the Micro-soft patch cycle, but do you also patch all of your Shockwave or Flash clients too?" asks Thorsten Holz of the German Honeynet Project.

--David Strom
Honeycombing the Internet
Open HoneyClient (www.honeyclient.org/trac) began by extending the original work on the honeynet server-based project. This open source initiative, sponsored by Mitre and researchers from Germany and New Zealand, publishes the code and VMware images that can be used to construct honeyclient systems to seek exploits against IE and Firefox systems.

"We also have different configurations that we are testing, such as ranging from Windows XP with SP2 to XP without any patches," says Kathy Wang, a lead information security engineer at Mitre.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts