Honeypots for Windows
Wednesday, 31 March 2004 16:34 EST
Long thought of as toys for security administrators who have too much time on their hands, honeypots are gaining an increased presence on corporate networks. Honeypots are nonproduction computer assets set up for the express purpose of being a potential target for unauthorized activities. Although honeypots can mimic any computer resource (e.g., router, print server), they most often mimic legitimate production servers and workstations.
Early on, security professionals mainly used honeypots to learn about malicious attackers (hereafter called intruders) and their tactics. Honeypots have proven their value in this area. For example, using honeypots, the Honeynet Project (http://www.honeynet.org) learned that the majority of attacks are automated by malicious mobile code (i.e., viruses, worms, and Trojan horses) and scripts. Although manual attacks aren't as common, patient intruders will find exploitable holes. Using honeypots, the project members uncovered complex intruder undergrounds involved in widespread commercial fraud. They also learned and publicized new intruder tricks before those tricks could become pervasive zero-day exploits (i.e., vulnerabilities that attackers discover and exploit before they become widely known to the general public and security professionals).