Sweetening the Honeypot

New free tools and services aimed at making honeynets more manageable are now becoming available: The Honeynet Project next month will roll out its new Global Distributed Honeynet as well as new honeynet tools, Dark Reading has learned, while the New Zealand Honeynet Alliance has begun offering client-based honeynet services for organizations that can't run their own servers.

Honeynets, networks of servers that act as lures for attackers trying to break into your network, have traditionally been a popular tool for researchers studying attacker behavior and malware. Most enterprises have avoided running these servers for fear of inviting trouble and because managing them and sifting through the data has been a time-consuming, resource-intensive process. And while honeynets provide lots of attacker- and attack data, they're passive nodes that don't actually stop attacks.

But honeynet organizers say they are working to make honeynets more feasible for enterprise security folks and Web administrators. "We are aware that in the past installing and maintaining and analyzing data from honeynets has been somewhat resource intensive," says Ralph Logan, principal with The Logan Group and vice president of the Honeynet Project. "What we've done over the last year is start breaking down these barriers."