Tops in innovation

1 2 Page 2
Page 2 of 2

The second of the two cool factors that make this a category breaker is that these functions might even be included as a part of your router software. For years, users have been forced to decide between the economy of using an integral DSU/CSU or the added capabilities of an external enhanced DSU/CSU. This year, the full Uptime Select capabilities are expected to be included with Cisco's integral DSU/CSUs, although the availability of the full suite will lag a bit behind the stand-alone units. Consequently, you'll have the option of on-demand pay-as-you-go management without an upfront commitment - even when using an integrated DSU/CSU in your router.

In fairness, the development has a downside. Historically, the DSU/CSU has provided a clear demarcation point between the service provider and user networks. Even with services such as AT&T's Frame Plus frame relay service that includes an enhanced DSU/CSU, the router is off-limits to the service provider. However, with highly manageable DSU/CSU capabilities built into the router itself, this demarcation point is becoming significantly less distinct. In fact, the demarcation point becomes a software function within the router.

I'm betting you'll be willing to live with this. The potential is too great to ignore.

Taylor is president of Distributed Network Associates in Greensboro, N.C., and publisher of Web-torials.com. He can be reached at taylor@webtorials.com.

To top


Luring hackers with an open source honeypot

Open source community's Honeyd

I think lying to criminals is a good thing. They do it to us!

And I don't hate hackers; they do more good than harm for the state of security. But I have no use for criminal hackers, identity thieves or other miscreants who disguise their hostile activities as "hacking for mankind." That's pure BS. So let's lie every chance we get to protect our networks.

My choice for product of the year is an open source honeypot called Honeyd, maintained by Niels Provos, a Ph.D. candidate and experimental computer scientist at the Center for Information Technology Integration of the University of Michigan.

I became acquainted with the idea of deception and lying to one's 'Net enemies in 1996, from Fred Cohen and his Deception Tool Kit. The object was simple: Tell the intruders one thing (not the truth), and fool them into believing they are getting through your defenses. In reality, you put them into a secure "trap" where their activities are harmless, you can capture all of their activities (for research of course!) or feed them erroneous information.

In 1999, I wrote about deception and honeypots from military and network defense standpoints in my book Time Based Security. Just consider how much deception we used in World War II and throughout the Cold War. Part and parcel of the espionage job was to suck in your enemy and get him to believe your lies to put him off path. Good stuff in the real world now being applied to the world of network security. Still, no such real products could be called highly effective security tools.

It wasn't until I met the incredible and energetic Lance Spitzner, co-founder of the Honeynet Project, that I realized a small industry had been born that was based on these principles. Spitzner and I became close friends after I heard him speak in Dublin, Ireland, with eloquent passion about techniques in which I strongly believed.

Version 0.2 of Honeyd, a small daemon that creates virtual hosts on a network, appeared about a year and a half ago. A 1.0 version, under development by Provos and the open source community, is on the horizon.

With Honeyd, you can configure hosts to run arbitrary services and adapt their personalities so they appear to be running certain operating systems. Honeyd, which can claim up to 65,536 IP addresses, is used primarily for threat detection and assessment. By using various configuration tools, Honeyd deters adversaries by hiding real systems in the middle of virtual systems.

Since this field is so new and the developments coming so fast, I felt more comfortable picking a free honeypot rather than commercial software. Also, Spitzner considers Honeyd the most powerful honeypot.

That said, a couple of commercial products to watch are KeyFocus' KFSensor, a low-interaction honeypot that monitors an extensive amount of ports and services; Symantec's Decoy Server, a high-interaction honeypot used not only to detect or deceive bad guys, but also to gain additional information about them; and NetBait's managed service honeypot.

If you want to follow or participate in the growth of this area, I suggest you hang around www.honeynet.org.

Schwartau is the president of Interpact and the author of many books on security. He can be reached at winns@gte.net.

Learn more about this topic

Network World columnists archive

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
1 2 Page 2
Page 2 of 2
Must read: 10 new UI features coming to Windows 10