Re: What do you guys think?

From: krymson@gmail.com
Date: Fri Mar 14 2008 - 09:31:39 EST


('binary' encoding is not supported, stored as-is) You want discussion, so I'll throw a hand in.

What security benefit is there to "trapping attackers" and/or watching their behavior/action? I think that may make great research, but I'm not sure how many people or organizations will benefit from that added knowledge. Will it make the organization more secure?

The other side of this is giving attackers an easy target to trigger your alarms so you know they're present. This is a basic tripwire type of alarm. Only instead of alarming on actual valuable stuff, you'll get many more positive hits because you're alarming on giveaway stuff. Maybe this will alert before your jewels are stolen, but again the value/time side of this is still arguable.

I'm certainly no expert, but if you make this too easy, are you opening yourself up to entrapment, or at the very least the inability to prosecute if you seemingly welcomed the intruder in? I really don't know, but I'm sure others do.

This isn't to say I want to discourage your work here. I think you should continue to pursue it. While I might speak about alarming only on the things you're trying to protect, I do tend to be a network control freak and prefer the heartbeat of my network close at my fingertips...and alarming on even smaller things is useful information to alert me to potential problems early.

Soapbox: I think it is dangerous to speak too highly of honeypots or honeypot-like tripwires. While I do believe in their value for research and curiosity, honeypots in an organization can be extremely dangerous when tended by non-experts. Besides, there are so many more valuable tasks to do in most orgs.

<- snip ->

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:27 EDT