Honeypots

Honeypots

Another form of IDS are honeypots. These systems differ from the other forms of IDS in that they act as service endpoints, yet have no actual production services. The honeypots simply appear to run vulnerable services and capture vital information as intruders attempt unauthorized access. Using a honeypot, you can effectively place a doorbell on the network for hackers to ring and let you know they are there. In some honeypot designs, not only does the honeypot alert administrators regarding hacking attempts, but they capture all keystrokes and any files such as a rootkit that might have been used in the intrusion attempt. There are several commercial and open source honeypot software applications available for use on various operating system platforms. Some of the commonly used applications include:

• Honeyd  www.citi.umich.edu/u/provos/honeyd/

• Deception Toolkit  www.all.net/dtk/dtk.html

• Specter  www.specter.ch/

• Symantec Mantrap  http://enterprisesecurity.symantec.com

• Honeynets  http://project.honeynet.org/