Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	Brocade outlines its SDN approach
•	Jailbreak of Apple iOS 5.1.1 due 'in days'
•	Google has finally closed Motorola Mobility acquisition
•	10 years later, Alcatel-Lucent revisits Cisco and Juniper in the core
•	Avaya lays out roadmap for unified software management
•	Sidecar app for iOS, Android seeks to give smartphone voice calls overdue respect
•	Medical firm avoids Exchange nightmare with outside help
•	Cross-browser worm spreads via Facebook, security experts warn
•	Chrome streaks past Internet Explorer to become world's top browser
•	Linux kernel 3.4 released
•	Windows RT management could be a key to success for Windows 8 tablets
•	Windows 8 Update: Windows 8 wows AT&T Mobility
•	Survey: BYOD sparks enterprise investment in Unified Communication and Collaboration
•	Privacy advocates fear CISPA
•	Big cable companies pooling Wi-Fi hotspot resources
•	More breaking news

/

Intrusion detection software and honeypots

By Ron Nutter
Network World Fusion, 11/05/01

After the recent Nimda virus, a consultant advised the IS Manager at my company to install an intrusion detection system and to put a "honeypot" in place. Can you explain what a "honeypot" is and give me an idea of what we should look for in intrusion-detection software?
-- via the Internet

A "honeypot" refers to a computer designed to look like an unprotected machine with which to trap unsuspecting hackers. The honeypot can do several things. It can sufficiently distract someone who plans to cause damage to other systems on your Network. It also tracks hacking attempts and alerts the appropriate persons in your company that a hack or unwelcome intrusion is in progress. Search the Internet for some do-it-yourself options or commercial options such as Neoworx (which McAfee recently purchased).

While a honeypot is one type of IDS, you will still need to put something in place on your servers, whether or not they are on the public or private side of your network. Here again, there are quite a few options to choose from. Products by Black Ice (recently purchased by ISS), Zone Alarm and Hack Tracer are just a few to choose from. These are PC level products. But Internet Security Systems www.iss.net offers a product that will report an attack on a server directly to a central console, much like a server farm.

RELATED LINKS

Nutter's Help Desk archive

Help Desk forum
Post and answer networking questions.

Ron Nutter, a Master Certified Novell Engineer and Microsoft Certified Systems Engineer in the Lexington, Ky., area, tracks down the answers to your questions. Send your questions to helpdesk@networkref.com.

'Decoy nets' gain backers in battle against hackers
More details on honeypots. Network World, 3/5/01.

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.