Honeypots: Free psy-ops weapons that can protect your network before defences fail

You catch more crooks with honey than vinegar

Buy vs. build

The open source community has offered many honeypots for security defenders and researchers to build and test, but vendors will sell what they describe as honeynets. Dean Sysman, co-founder of Israel-based Cymmetria, founded in 2014 as one of the few deceptive security companies, says psychological warfare is the best approach against attackers.

"There is a huge asymmetry in cyber security," Sysman tells The Register. "The best place to attack hackers is in their psychology, not in the technology, because that is an area that doesn't change, it follows common patterns." He says honeynets exploit the defender's "home court advantage", the only component in the white hat's favour.

Sysman echoes Vestergaard's sentiment that any access to a honeypot that no one else knows exists is likely malicious and should serve as a red flag to administrators. "The interesting part is how you build the system to catch them completely," he says. Cymmetria has published details on large advanced attacks last year targeting 2500 corporations, as has rival TrapX, which in the same year detailed the persistent compromises of three US hospitals. Sysman also co-designed an open source honeypot to detect the devastating Mirai distributed denial of service attack botnet.

Smaller offerings exist: the Turris Omnia router is a successful startup project of the Czech Republic's cz.nic domain name association which bakes in honeypot lures and brings open source firmware and network attached storage to the masses.

Commercial offerings are sold on the back of honeypot research and are generally simpler than bespoke deception rigs, according to Rist. "They are selling those deception stories," Rist says, referring to the way hackers can be trapped by honeypots. "You may have, say, a web server connected to a file server, with indications around that there is an FTP client on the Windows host, all of which are small honeypot sensors."

The experts interviewed for this story and other hackers The Register has spoken to about honeypots over the years all agree that both commercial and open source honeypot systems should come only after important security defences are in place. ®
