On Monday, the volunteer group, which consists of two dozen computer security, information intelligence, and psychology professionals, released the second version of its “how-to-build-a-honeynet” software, a tool used by law enforcement and others interested in security issues to track the behavior of hackers.
For those folks not down with security lingo, a “honeynet” expands on the concept of a “honeypot,” a software application that pretends to be a server on the Internet and lures unsuspecting hackers to it. A “honeynet” is a collection of these “honeypots” networked together. When hackers (or “blackhats,” as they’re known in security circles) enter the honeynet, they are watched closely by a combination of surveillance technologies.
“You’re really playing with fire in this type of environment,” says Lance Spitzner, a security architect at Sun Microsystems Inc. (Nasdaq: SUNW) and founder of the four-year-old HoneyNet Project. “The whole point is to observe the bad guys as they go about their work in a controlled setting without them knowing it.”
Here is how it works: an intrusion-detection system triggers a virtual alarm whenever an attacker breaches security on one of the networked computers. Meanwhile, an administrator watches everything the intruder types, from commands to emails to chat sessions. A separate firewall is set up to cut the hacker off from the Internet anytime he tries to attack another system from the honeynet.
Proponents say the latest HoneyNet release includes the following improvements over previous versions:
So are the Honeynet Project volunteers some sort of cyber police force? Not at all. The not-for-profit group’s only purpose is to observe and learn about hacker behavior and share that information with the public. That’s not to say that the information and tools gathered can’t be used to catch bad guys. Government agencies like the United States Department of Homeland Security and the Federal Bureau of Investigation (FBI) already use HoneyNet Project information and techniques in their work.
The HoneyNet Project is not designed for commercial use, according to Spitzner. He says it wouldn’t make much sense for an enterprise to spend the resources to build such a network. But those working in network security might use the tools to learn more about hackers and recommend strategies to clients.
All software on the HoneyNet Project Website is free for anyone to download. For more information, go to The HoneyNet Project.
— Marguerite Reardon, Senior Editor, Light Reading