Monday, October 24, 2011

Honey Pots and Honey Nets - A new defense mantra!!

We keep saying that we need to invent measures to track down any malicious activity coming to our website, application or network. But what do we invent? We come down to the traditional measures of having a bunch of firewalls or IPS, heavily configured on signatures, to guard our premises. One more step is deploying enterprise monitoring and management systems to help us keep an eye on the activity happening outside the network.

But then how do we catch a hacker who comes and easily hacks the site even with these technologies in place? The problem is that we are not thinking like a hacker; rather, we are thinking like an administrator, who does not have any innovative ways of solving this problem because he has his boundaries set. One needs to be very innovative these days to catch these smart fellows.

First thing to remember: no hacker will reveal his own identity. If you do succeed in getting hold of any identity details, be sure that they are nothing but FAKE. You will realize that you are still on the same step from where you started some days back. So, what to do?

There is an interesting technology which attracts the hacker to hack a resource and thereby catches the person behind the intention. This is called a "HONEY POT" or "HONEY NET".

The concept is very simple: it's like putting out a goat to catch a tiger. Here we do the same thing; we create a trap to attract the hackers and then we catch them. These applications create a trap by opening some fake ports or services, making the hacker believe that the target is very vulnerable. He feels excited to see many backdoors enabling his easy access. In this whole process, the application captures all the necessary credentials and alerts the user of the activity, and that is how the person gets caught.
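A minimal low-interaction decoy of the kind described above, as an added example that is not part of the original post or of any particular honeypot product: it opens a fake service, records who connected and what they sent first, and hands an alert to a callback. The names `start_decoy`, `DecoyServer` and `DecoyHandler`, the FTP-style banner and port 2121 are assumptions chosen for illustration.

```python
import json
import socketserver
import threading
import time


class DecoyHandler(socketserver.BaseRequestHandler):
    """Handle one connection to the fake service and raise an alert."""

    def handle(self):
        self.request.settimeout(2.0)
        data = b""
        try:
            self.request.sendall(self.server.banner)  # look like a real service
            data = self.request.recv(256)             # capture what the client tries
        except OSError:
            pass                                      # a scan-and-drop is still logged
        src_ip, src_port = self.client_address[:2]
        self.server.sink({
            "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
            "src_ip": src_ip,          # may be a relay, not the real origin
            "src_port": src_port,
            "decoy_port": self.server.server_address[1],
            "first_bytes": data.decode("utf-8", "replace"),
            "severity": "high",        # nothing legitimate should touch a decoy
        })


class DecoyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr, banner, sink):
        super().__init__(addr, DecoyHandler)
        self.banner, self.sink = banner, sink


def start_decoy(host, port, banner, sink):
    """Start a decoy listener in a background thread; sink receives alert dicts."""
    server = DecoyServer((host, port), banner, sink)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    # Constructed demo: fake FTP banner on an unprivileged port, alerts as JSON lines.
    start_decoy("0.0.0.0", 2121, b"220 FTP server ready\r\n",
                lambda event: print(json.dumps(event), flush=True))
    threading.Event().wait()
```

Because no real user has a reason to connect to the decoy port, every event is worth an alert; the `sink` callback is where the event would be forwarded to an incident management system.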

I have personally used it and tested it in many situations. I also tried to integrate the application with my incident management framework and it worked. Now I don't have to over-configure my security devices nor introduce any new technology to ensure the security of my organization. Honey Pots cater to a single network setup, and if an organization has multiple networks then they can go for Honey Nets.

Specifically, these types of traps are used by organizations which deal with national security or with high-level classified data, like defense organisations, space research, ordnance factories etc. The threat to these types of organizations is always alarming, and they need to be stringent in terms of security. But in the end, we also understand that irrespective of the type of organization, the data is always critical in itself, and to ensure its security it is advisable to implement this as an additional defense layer.

Tuesday, October 4, 2011

Controls, Policies and Procedures - A corporate jargon!!



Organizations consider that if they have implemented strict controls, policies or procedures, they are secure. But they fail to understand one simple question: “what to secure and from whom?”
It is very common to have this type of mindset, because when security has to be applied to prevent information from leaking out of an organization, I don’t think any stringency would be of any help in doing this. The reason is very simple: “Are we filling every possible gap within the organization?”

The answer to this question will be “No” every time, because it is not possible to close all the gaps when we are not aware of all of them. We put our thinking on what is visible, but there will be many things which are not visible. So is an organization safe?

Due to increasing pressure on organizations to comply with various standards, we have shifted our thinking to the real problem of limiting data theft. The biggest threat prevailing in this area is the human mind, which plays a vital role in data leakage. The behavior of a dissatisfied employee is always uncertain, and there is no policy to govern the mind.

It is not, and never was, possible to control a human mind, and there will always be non-compliance in this aspect. Then “what are we preventing and from whom?” This is the reason why we always emphasize awareness. It is very important to minimize the internal threat as against the external one. To this day, people working in an organization are considered to be the biggest threat, as against external entities.

For me, having policies, procedures and controls is just good to have for an organization, to say “I have security implemented”, but when you look at the granular level you will realize that the purpose of having all these is never achieved. Limiting data theft is impossible if it is not implemented at the level where the humans dealing with the data take responsibility for its security. I don’t believe any technology can go above the intelligence of the human brain. This is the only weapon which can cause the damage and prevent it from getting worse.