Intrusion detection software and honeypots
After the recent Nimda virus, a consultant advised the IS Manager at my company to install an intrusion detection system and to put a "honeypot" in place. Can you explain what a "honeypot" is and give me an idea of what we should look for in intrusion-detection software?
-- via the Internet
A "honeypot" is a computer designed to look like an unprotected machine in order to trap unsuspecting hackers. The honeypot can do several things. It can sufficiently distract someone who plans to cause damage to other systems on your network. It also tracks hacking attempts and alerts the appropriate people in your company that a hack or unwelcome intrusion is in progress. Search the Internet for do-it-yourself options or commercial options such as Neoworx (which McAfee recently purchased).
While a honeypot is one type of IDS, you will still need to put something in place on your servers, whether they are on the public or private side of your network. Here again, there are quite a few options. Products by Black Ice (recently purchased by ISS), Zone Alarm and Hack Tracer are just a few. These are PC-level products. Internet Security Systems (www.iss.net), however, offers a product that will report an attack on a server directly to a central console, much like a server farm.
Ron Nutter, a Master Certified Novell Engineer and Microsoft Certified Systems Engineer in the Lexington, Ky., area, tracks down the answers to your questions. Send your questions to helpdesk@networkref.com.
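The tracking-and-alerting behaviour described in the answer, as an added example that is not part of the original column: a minimal decoy TCP listener that offers no real service, records every connection and hands each one to an alert callback. The names `Hit`, `DecoyListener` and `demo`, the loopback address and the sample request are assumptions made for illustration.

```python
import socket
import threading
import time
from dataclasses import dataclass

@dataclass
class Hit:
    when: float          # epoch seconds of the connection
    src_ip: str
    src_port: int
    first_bytes: bytes   # whatever the client sent first, kept for triage

class DecoyListener:
    """Low-interaction decoy: accepts TCP connections, logs them, serves nothing."""
    def __init__(self, host="127.0.0.1", port=0, alert=print):
        self.alert = alert             # called once per connection
        self.hits = []
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind((host, port))  # port 0 lets the OS pick one (demo only)
        self._sock.listen(5)
        self.port = self._sock.getsockname()[1]

    def serve(self, max_hits=None):
        # Nobody has a legitimate reason to connect to a decoy, so every hit alerts.
        while max_hits is None or len(self.hits) < max_hits:
            conn, (ip, sport) = self._sock.accept()
            with conn:
                conn.settimeout(2.0)
                try:
                    data = conn.recv(256)
                except OSError:        # timeout or reset still counts as a hit
                    data = b""
            hit = Hit(time.time(), ip, sport, data)
            self.hits.append(hit)
            self.alert(hit)
        self._sock.close()

def demo():  # runs the decoy on loopback and sends one constructed request at it
    alerts = []
    decoy = DecoyListener(alert=alerts.append)
    worker = threading.Thread(target=decoy.serve, kwargs={"max_hits": 1}, daemon=True)
    worker.start()
    with socket.create_connection(("127.0.0.1", decoy.port), timeout=2) as client:
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")  # constructed sample request
    worker.join(timeout=5)
    return alerts

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

In a real deployment the `alert` callback would forward each `Hit` to whatever notifies the people responsible, such as mail or a central console.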
'Decoy nets' gain backers in battle against hackers
More details on honeypots. Network World, 3/5/01.
