Security Year in Review: Honeypots

This has been a great year for honeypots, finally this method of collecting security information got its deserved place under the spotlight as more people began to realize the benefits that a honeypot, deployed in their organization, brings.

In order to get the real picture of honeypots I contacted the person that’s an authority on the subject – Lance Spitzner. He is the founder of the Honeynet Project, moderator of the honeypot mailing list, co-author of “Know Your Enemy”, author of “Honeypots: Tracking Hackers” and also author of several whitepapers. He works as a senior security architect for Sun Microsystems, Inc.

Spitzner said: “I’m a huge fan of honeypots. I know of no other security technology that lets you turn the tables on the bad guys, honepyots give you the initiative. I’ve been using them for several years now to learn about how attackers operate, and the latest threats. When I look back, I’m amazed at how much I’ve learned. I’m extremely excited about the future of honeypots, we have only begun to tap into their potential. In many ways, I think honeypots are now where firewall technologies were eight years ago, or where IDS was five years ago. However, I’m even more excited about all the different roles honeypots can play. Not only can they be used to improve you security (by preventing or detecting attacks), they can be used to gain intelligence on new threats. In fact, that is where I think we will so the greatest growth in honeypots. Organizations can use them for early warning and prediction, trend analysis, or even cyber warfare.”

There have been two things that marked this year as the most important year for honeypots ever:

Earlier this year in an interview for HNS, Spitzner said: “It was a great start, as it was the first honeypot conference. However, I would like to see one that is more technical, covering a great spectrum of technologies (similar to my book).”

The future is wide open for the development of honeypot technology as more people begin to use it. There are not many solutions present at the moment but new ones will certainly appear during the following year. As regards the future Spitzner said: “We will also see dramatic improvement in how the technology works. Open Source solutions such as Honeyd and Honeynet will become easier to use. Commercial products, such as ManTrap, will communicate and work with other technologies, such as firewalls and IDS. I also think we will see more honeypot solutions released.”

“Last, I think you will see more documented cases of honeypots in use. People don’t realize just how much honeypots are being used today. For example, catching the latest worms or trend analysis of specific blackhat communities. I feel honeypots have a very exciting future, we are seeing a technology in its infancy.” Spitzner added.

If you’re interested in learning more about honeypots I strongly suggest you pay a visit to the Honeynet Project. In their own words: “The Honeynet Project is a non-profit research group of thirty security professionals dedicated to information security. We have no income or revenue, all of our research is done on a volunteer basis. It is our goal to learn the tools, tactics, and motives of the blackhat community and share these lessons learned. It is hoped that our research will benefit both its members and the security community.” They are the best resource to learn about honeypots – you can read the whitepapers and try some of the tools for honeynets available for download.

In the news

There have been numerous stories about Honeypots in the news during this year, here are some of the most interesting ones: