We keep saying that , we need to invent measures to track down any malicious activity coming to our website or application or our network. But for that, what do we invent?we cone down to those traditional measures of having a bunch of firewalls or IPS, heavily configured on signatures to guard our premises. One more step, is deploying enteriprise monitoring and management systems to help us to keep an eye on the activity happeing outside the network.
But then also how to catch a hacker, who comes ane easily hacks down the site even having these technologies in place. The problem is, we are not thinking like a hacker, rather we are thinking like a administrator, who do not have any inovative ways of solving this problem because he has his boundaries set. One needs to be very much innovative these days to catch these smart fellows.
First thing to remember, no hacker will reveil his own identity. If at all you are successfull in getting hold of an identity details, be sure that this one is nothing but FAKE. If you realize, you still be on the same step from where you started some days back. So, what to do??
There is an intresting technology, which attracts the hacker to hack the resource and there by catching the person beind the intention, this is called "HONEY POT" or "HONEY NET".
The concept is very simple, its like putting a goat to catch a tiger. Here also we do the same thing, we create a trap to attract the hackers and then we catch them. These applications create a trap, by opening some fake ports or services, making the hacker realize that the target is very vulnerable. He feel excited to see many backdoors, enabling his easy access. In thiswhole process, the application captures all the necessary credentials and alerts the user of the activity and that is how the person gets caught.
I have personally used it and tested with many situations. I also tried to integrate the application with my incident management framework and it worked. Now i dont have to over configure my security devices nor introduce any new technology to ensure the security of my organization. Honey Pots cater a single network setup and if an organization has multiple networks then they can go for Honey Nets.
Specifically, these types of traps are used by organizations, which are dealing with national security or dealing with high level classified data like defense organisations, space research, ordinance factories etc. the threat to these type of organization is always alrarming and needs to be stringent in terms of security. But at the end, we also understand that irrespective of the type of the organization , the data is always critical in itself and to ensure its security , it is advisable to implement this as an additional defense layer.