Penetration Testing mailing list archives

Re: What do you guys think?


From: krymson () gmail com
Date: 14 Mar 2008 14:31:39 -0000

You want discussion, so I'll throw a hand in.

What security benefit is there to "trapping attackers" and/or watching their behavior/action? I think that may make 
great research, but I'm not sure how many people or organizations will benefit from that added knowledge. Will it make 
the organization more secure?

The other side of this is giving attackers an easy target to trigger your alarms so you know they're present. This is a 
basic tripwire type of alarm. Only instead of alarming on actual valuable stuff, you'll get many more positive hits 
because you're alarming on giveaway stuff. Maybe this will alert before your jewels are stolen, but again the 
value/time side of this is still arguable.  

I'm certainly no expert, but if you make this too easy, are you opening yourself up to entrapment, or at the very least 
the inability to prosecute if you seemingly welcomed the intruder in? I really don't know, but I'm sure others do.

This isn't to say I want to discourage your work here. I think you should continue to pursue it. While I might speak 
about alarming only on the things you're trying to protect, I do tend to be a network control freak and prefer the 
heartbeat of my network close at my fingertips...and alarming on even smaller things is useful information to alert me 
to potential problems early.

Soapbox: I think it is dangerous to speak too highly of honeypots or honeypot-like tripwires. While I do believe in 
their value for research and curiosity, honeypots in an organization can be extremely dangerous when tended by 
non-experts. Besides, there are so many more valuable tasks to do in most orgs.



<- snip ->
