Wednesday, 11 July 2012


This starts with a tweet,

10 crazy IT security tricks that actually work

Now looking at this, I wondered, yes it has the things that you would normally do, rename the administrator account, get rid of the global admin entries, use non default ports. But one of these caught my eye, and it is around the use of honeypots.

Now I have just come back from a trip to the North Island where I have been in discussion around getting equipment into schools and the talk of preparing the students for the next wave of Digital technologies through the New Zealand Curriculum. 
Now getting back to it, the guy I spoke to talked about the use of honeypots to test systems and the patching and security of it, now the thing about these systems is that they are open enough to let people in, however, everything they do is logged, so you have the opportunity to go in and see where they went. There was one of these open in the 1990's where on IRC groups the publication of the IP address and username and password was made available, it was up to you to get to the next step, the competition for root access.

Now getting back to the article, looking at these systems
Innovative security technique No. 3: Honeypots
Modern computer honeypots have been around since the days of Clifford Stoll's "The Cuckoo's Egg," and they still don't aren't as respected or as widely adopted as they deserve. A honeypot is any computer asset that is set up solely to be attacked. Honeypots have no production value. They sit and wait, and they are monitored. When a hacker or malware touches them, they send an alert to an admin so that the touch can be investigated. They provide low noise and high value.
The shops that use honeypots get notified quickly of active attacks. In fact, nothing beats a honeypot for early warning -- except for a bunch of honeypots, called a honeynet. Still, colleagues and customers are typically incredulous when I bring up honeypots. My response is always the same: Spend a day spinning one up and tell me how you feel about honeypots a month later. Sometimes the best thing you can do is to try one.
Now the thing is, I have The Cuckoo's Egg and its 11:00pm at night, and I can't stop reading it. And the question I have is, should I get my students to read it. One book I already get them to read is Cory Doctorow, Little Brother. 

No comments: