Honeypots: An Innovative Approach to Cyber Security

Owing to an ever changing cyber security platform, Schmidle (2018) attests that the objective of securing information systems must continuously expand in scope with respect to the increasing number of tactics, tools and methods used to compromise networks. Even though techniques like penetration tests and Intrusion Detection Systems are effective in creating a secure network infrastructure, it is valuable for firms to consider the ever-existing vulnerabilities, hence the prospect of attackers exploiting them. One of the innovative strategies of diluting such vulnerabilities is through the deployment of honeypots alongside standard security measures. What are honeypots?

Honeypots

According to Yang (2015), a honeypot is an information security mechanism deployed to detect and deflect, or counteract cyber security attacks on unauthorized network infrastructures and information systems. On the other hand, (Bressler et.al, 2014) second this thought by suggesting that it is a system fused with a network, to be probed and attacked. They further say that honeypots have no production value, hence serve no ‘legitimate’ purposes. To further add voice, it is a system security resource whose significance lies in its illicit use (Sokol et.al, 2017).

Based on objectives, there are two types of honeypots. Research honeypots are deployed to gather information about attacks. Thus, they are specifically used by organizations to learn hacking methods used by attackers. Contrarily, production honeypots are used to divert attacks from crucial network systems while gathering information about the attack (Jian et.al, 2013). In relation to design criteria, honey pots can either be classified as pure honeypots (monitoring of an attacker’s activities through a bug tap pre-installed on the honeypot’s link to the system) or high-interaction honeypots ( mimicking activities of a production system that hosts numerous services, hence attackers are granted access to these services to waste their time) (Bressler et.al, 2014) . Besides, low-interaction systems only simulate the services frequently sought by attackers.

Effectiveness of Honeypots in an Organization

According to Sokol et.al (2017), honeypots increase the chances of success in warding off organizational network attacks while also maintaining low false positives. In the current information security space, most defensive cyber-attack technologies are no match for advanced attackers since they have the resources and means to conduct their attacks. Honeypots fill this gap since attackers face difficult times predicting their uses and breaching their defenses. Additionally, they have low positive rates since production honeypots are not accessed by legitimate users.

 Honeypots are also effective in slowing down attackers who have successfully breached an organization’s network (Schmidle, 2018). Through honeypots, a firm can create many decoys to distract attackers, hence making them to take more time to access valuable data. Apart from moving the threats on real assets to fake ones, the honey tokens approach involves seeding fake data within databases that should not be accessed. By creating rules in the firewall to sound alerts on unique data, organizations can detect whenever a hacker accesses the information (Bressler et.al, 2014).

Schmidle cannot agree more to the above sentiments by adding that honeypots are a vital training tool for any organization’s cyber security team (Schmidle, 2018). By using honeypots to closely monitor and watch attackers’ activities in a firm’s network, information security personnel, the executive and even employees can have a glimpse of the latest cyber attack techniques, tricks and tools. As a result, the key parties tasked with securing the company’s information systems gain valuable knowledge on how attackers work. Further, they are acquainted with the right remedies and procedures to halt the intermediary attacks on the firm’s networks (Yang, 2015).       

Negative Impacts of Honeypots to a Firm

The common notion that any technology cannot be fully pure equally applies to honeypots. Core among these concerns is the fact that honeypots have a very narrow field of view. Since they detect and see the attacks that are only directed towards them, honeypots cannot determine if attackers breach other company’s systems within the network (Jian et.al, 2013). Besides, an attacker can avoid a particular system with a honeypot and infiltrate the firm. In simple terms, its small field of view excludes activities happening around it like potential exploitation of other system vulnerabilities. Such exploitations could inflict substantial damages to an organization’s information security systems.

The other potential harm that comes with honeypots is finger-printing (Bressler et.al 2014). In finger-printing, an attacker can easily identify the real identity of a honeypot since it has some expected features. In the event that an attacker identifies a firm using honeypots on its network infrastructure, there are higher chances of spoofing the identities of other production systems, hence attacking the honeypot. Basically, the honeypot will detect such spoofs, hence falsely alerting the network administrators that a specific production system was attacking it. The real harm comes when the firm tries to analyze the false attacks. Meanwhile, the attacker focuses on carrying out real attacks on the organizations crucial systems (Bressler et.al, 2014).

Yang says that risk is the other potential harm caused by honeypots (Yang, 2015). According to him, they introduce risks to an organization’s information system environment. Once attacked, honeypots can be used to infiltrate and harm other organizational systems. Besides, different honeypots possess varied levels of risks. Simple honey pots have fewer risks. However, complex honeypots give attackers actual operating systems to interact with, hence putting their integrity in jeopardy. In light of this, attackers can use honeypots to carry out active/passive attacks against other organizations or even existing systems (Sokol et.al, 2017).

Honeypot Liabilities

Liability implies that an organization could be sued if its honeypots are used by attackers to cause harm to other organizations’ network infrastructures and information systems (Schmidle, 2018). Worth noting, liability is not a legal issue, but a civil concern. The argument put forth is that if a firm had taken precautions to secure its systems, attackers would not have used its honeypots to cause harm to other organizations. As a result, any firm with honeypots risks taking the blame for any damages caused to another organization by attackers. Besides, honeypot laws are widely ‘untested’ (Bressler et.al, 2014). Consequently, it may be quite difficult to prosecute attackers if a firm has honeypot systems.

Privacy

Privacy laws, more so in America, limits an organization’s rights to gather data about an individual, even attackers breaking into a firm’s honeypot. Such information may be as basic as login credentials or complex data like online chats. It may sound odd, but organizations don’t have the right to capture a hacker’s communications, more so his communications with others like fellow hackers, or other individuals’ communication with each other (Schmidle, 2018). The other challenging aspect of privacy is consent. When an organization consents to monitor its systems, their right to privacy is waived (Yang, 2015).

Entrapment

Organizations must recognize the fact that honeypots are not by any means a form of entrapment. Entrapment is an inducement from a law officer to another person to commit a crime(s), in an attempt to later press for criminal prosecutions against such persons (Sokol et.al, 2017). As a result, entrapment is only usable as a defense mechanism to avoid convictions. Secondly, one must be a law enforcement officer or an agent of the law to prosecute an attacker, prior to entrapment becoming an issue (Schmidle, 2018). Even if one is considered as law enforcement and a firm wants to prosecute an attacker, honeypots are not considered as entrapment.

Conclusion

Honeypots can be termed as an additional layer of protection to Intrusion Detection/Prevention Systems. Majorly, they are meant to steer away attackers from the main systems through decoys. Honeypots have the potential to add value to organizations if deployed in the correct manner. However, they can also be a major source of harm to the organization. Thus, a firm must clearly outline the risks it wants to minimize with a honeypot and the vital requirements needed to accomplish this.                                                                                                                           

References

Bressler, M. S., & Bressler, I. (2014). Protecting your Company's Intellectual Property Assets from Cyber-Espionage. Journal of Legal, Ethical & Regulatory Issues, 17(2), 1-15

Jian, C., Venkatasubramanian, K. K., West, A. G., & Insup, L. (2013). Analyzing and Defending Against Web-Based Malware. ACM Computing Surveys, 45(4), 49. doi:10.1145/2501654.2501663

Schmidle, N. (2018). Digital Vigilantes. The New Yorker, (12)

Sokol, P., Míšek, J., & Husák, M. (2017). Honeypots and honeynets: issues of privacy. EURASIP Journal on Information Security, 2017(1), 1. Doi: 10.1186/s13635-017-0057-4

Yang, H. (2015). A study on attack information collection using virtualization technology. Multimedia Tools & Applications, 74(20), 8791. Doi: 10.1007/s11042-013-1487-8