Honeypot

From Hack Story

(Difference between revisions)
(Replaced content with "A honeypot is software or a set of computers whose purpose is to attract attackers by simulating systems that are vulnerable or weak against attacks.<ref>''[http://...")
 
Line 1: Line 1:
{{Template:workinprogress}}
+
Se denomina honeypot al software o conjunto de computadores cuya intención es atraer a atacantes, simulando ser sistemas vulnerables o débiles a los ataques.<ref>''[http://es.wikipedia.org/wiki/Honeypot Honeypot]. Es.wikipedia</ref>
  
http://www.zdnet.com/zdnn/stories/news/0,4586,2666273,00.html?chkpt=zdhpnews01
+
==Notas==
 +
<references/>
  
By Keith Johnson, WSJ Interactive Edition
 
December 19, 2000 6:01 AM PT
 
 
When a group of suspected Pakistani hackers broke into a U.S.-based
 
computer system in June, they thought they had found a vulnerable
 
network to use as an anonymous launching pad to attack Web sites
 
across India.
 
 
But what they had done was walk right into a trap known as a honeypot
 
-- a specially equipped system deployed by security professionals to
 
lure hackers and track their every move. For a month, every keystroke
 
they made, every tool they used, every word of their online chat
 
sessions was recorded and studied. The honeypot administrators learned
 
how the hackers chose their targets, what level of expertise they had,
 
what their favorite kinds of attacks were, and how they went about
 
trying to cover their tracks so that they could nest on compromised
 
systems.
 
 
Lance Spitzner, the honeypot's creator, is a self-confessed computer
 
geek, but he's more likely to quote Sun Tzu's "The Art of War" than
 
the latest guide to Unix. A security consultant with Sun Microsystems
 
Inc. in Chicago, Spitzner says he is applying the tactics and
 
techniques he learned as a tank commander in the U.S. army to the
 
cloak-and-dagger world of Internet security.
 
 
"I used to have to crawl around inside Soviet T-72 tanks to get an
 
idea what the enemy was doing, what they had to work with," the
 
31-year-old says. "Now, I'm doing the same thing, just with different
 
tools."
 
 
To be sure, Spitzner's HoneyNet Project -- which includes some 30
 
security professionals, programmers and psychologists, all working on
 
the project in their spare time -- isn't the first time honeypots have
 
been used to gather intelligence on the Internet underground. The
 
concept, if not the term, was coined by Clifford Stoll in his
 
groundbreaking "Cuckoo's Egg" story of hacker tracking, and experts
 
have used decoy computer systems for years to lure hackers and study
 
their moves.
 
 
But unlike previous honeypots, which were baited with known
 
vulnerabilities designed to mimic various computers, Spitzner's team
 
puts unmodified production systems online -- networks with the same
 
specifications, operating systems and security as those used by many
 
companies. And this project isn't a hush-hush, internal corporate
 
operation like previous honeypots: Spitzner posts all of his findings
 
on the Internet for the security community to see at
 
project.honeynet.org.
 
 
That approach scores big points with many security professionals, who
 
say it makes their job easier by raising awareness of the threats
 
posed by even inexpert hackers. "Some 95 percent of a security
 
practitioner's job is convincing people to take [these threats]
 
seriously," says Marcus Ranum, chief technology officer for NFR
 
Security Inc., of Rockville, Md., who says the availability of the
 
information gathered by the HoneyNet Project is one of its biggest
 
virtues. Spitzner's work "has been a terrific resource for me to be
 
able to say to people, 'Go see what the hackers are up to, if you
 
don't believe this stuff is real," Ranum says.
 
 
Trailing the kiddies Spitzner says a four-year stint in the U.S.
 
army's rapid-deployment force after the Persian Gulf War taught him
 
how valuable reliable information on the enemy could be. But there
 
wasn't much available when he joined Sun two years ago as a consultant
 
advising corporate clients on security issues. "There was very little
 
information out there on just who these hackers were, on what was
 
motivating them, on how they operated," he says.
 
 
Curious, he built his first honeypot in a spare bedroom early last
 
year. Within 15 minutes, it was scanned by a hacker looking for easy
 
prey. For about 18 months, the HoneyNet Project -- which mushroomed as
 
word of the project spread through the security community -- has
 
focused on the kinds of random attacks carried out by so-called script
 
kiddies, who use ready-made software to attack vulnerable systems. The
 
temporary shutdowns of Amazon.com, eBay and Yahoo! this year were
 
blamed on script kiddies armed with software they downloaded from the
 
Internet.
 
 
Even though they often are technological neophytes, script kiddies
 
pose a big threat to corporate security. While "people laugh at them,"
 
says Spitzner, "they've compromised an awful lot of corporate sites."
 
Security experts attribute that in part to the proliferation of Web
 
sites where hacking software is made available to the public,
 
allegedly for educational purposes. NFR's Ranum says the combination
 
of easily available software and greater numbers of would-be hackers
 
has "hugely increased the threat" to corporate security.
 
 
And no one is safe from random attacks targeting any system with a
 
connection to the Internet, says Eric Cole, a member of the HoneyNet
 
Project who teaches courses for the Security Administration and
 
Network Security Institute, an industry think tank. "It doesn't matter
 
if you're a Fortune 500 company or a small start-up," he says,
 
"hackers will probe you and try to get in."
 
 
The script kiddies don't just find tools to scan the Internet for
 
vulnerable systems; dozens of point-and-click applications are
 
available to let them cover their tracks once on board, rewriting the
 
logs that keep track of who has done what on the system. In response,
 
security professionals have come up with programs that track network
 
traffic or detect any changes to key files within the system, leading
 
to an elaborate game of hide-and-seek.
 
 
In one of his first honeypot episodes, early last year, Spitzner spent
 
four days following a script kiddie around his honeypot, watching as
 
the hacker used ready-made programs to cover his tracks and gain
 
control of the system. Mr. Spitzner, wary of scaring away the hacker,
 
had to tread carefully, making sure to leave no trace as he in turn
 
explored the system's logs. Based on what he learned, Spitzner was
 
able to armor common operating systems like Linux and Solaris against
 
most script kiddie attacks.
 
 
The real challenge, says free-lance security consultant Martin Roesch,
 
is "keeping up with the hacker arms race." A member of the HoneyNet
 
Project since its inception, Roesch created Snort, a program that
 
allows the team to eavesdrop on network traffic into the honeypot. He
 
has spent two years fine-tuning the program "as part of the constant
 
cycle of measure/countermeasure" that pits security pros against the
 
script kiddies armed with increasingly sophisticated software.
 
 
The next step, due to be initiated in January, is to sweeten the
 
honeypot by building a transactional system that looks like an
 
electronic-commerce site. The intent is to make the honeypot
 
irresistible to the more-skilled hackers, dubbed blackhats, who are
 
looking to steal credit-card numbers rather than just vandalize Web
 
sites.
 
 
Max Kilger, a team member and Stanford-educated psychologist, says
 
that could be the ideal opportunity to take the offensive and begin
 
developing pre-emptive security countermeasures based on what the
 
project learns about the psychology of these hackers. Since the
 
blackhat community has rigidly defined social structures like any
 
other group -- a strict meritocracy that breeds fierce competition and
 
rivalry -- Kilger thinks in-depth knowledge of their habits also could
 
help security professionals bring hackers in from the cold. And just
 
having honeypots operational, he adds, can serve as an effective
 
deterrent -- virtual land mines to protect corporate networks from
 
prying eyes.
 
 
There are, though, still plenty of questions and criticism about the
 
HoneyNet Project and honeypots in general. For starters, although the
 
project has helped show many in the security community the nuts and
 
bolts of investigating a break-in, it is unlikely to shine a light on
 
any of the cutting-edge tools used by hackers. "The project is
 
ground-breaking in the sense that they're being so helpful and open
 
about it," says Ranum. "But technologically, what they're doing isn't
 
rocket science."
 
 
And while honeypots are a great training environment for security
 
professionals, says Elias Levy, chief technology officer at
 
Securityfocus.com, a leading online source of security information and
 
discussion, "they won't fulfill their promise unless you have the time
 
to administer them correctly." Companies concerned about security
 
threats are "better off using an intrusion-detection system" if they
 
don't have a dedicated team of highly trained administrators, he says.
 
 
Many security chiefs could use the training. According to the Security
 
Administration and Network Security Institute, putting unqualified
 
administrators in charge of security is one of the biggest mistakes
 
companies make.
 
 
But many administrators, torn by budget constraints and the need to
 
find quick-fix solutions to get critical systems back online, often
 
are in no position to probe hacker attacks, says Frank Prince, an
 
electronic-security analyst with Forrester Research in Cambridge,
 
Mass. Honeypots or other projects that offer the detailed,
 
behind-the-scenes forensics of hacker tracking often end up being as
 
useful as "metallurgy for the guy tightening the lug nuts," Prince
 
says.
 
 
What's more, in dollar terms the most damaging attacks come from
 
inside companies, not from hackers, he says. While honeypots can help
 
compile information on people breaking into the system, they do little
 
to combat sabotage from within.
 
  
  
 
[[Category:Jargon]]
 
[[Category:Jargon]]
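
Review bot: the `<ref>` in the added definition line opens italics with `''` before the Wikipedia link and never closes them, so the footnote markup is unbalanced; close it after the link (`''[http://es.wikipedia.org/wiki/Honeypot Honeypot]''`) or drop the `''`. The replacement also discards the zdnet.com source URL along with the article text, so if that material is still meant to be referenced, keep the link as a second `<ref>` under `==Notas==`.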

Latest revision as of 13:40, 29 April 2013

A honeypot is software or a set of computers whose purpose is to attract attackers by simulating systems that are vulnerable or weak against attacks.[1]

Notes

  1. Honeypot. Es.wikipedia
Hackstory.es - The untold story of the hacker underground in the Iberian Peninsula.