Conclusion - Page 11 - Results from #10 | LinuxSecurity.com

Advisories

Feature Articles

Need an in-depth introduction to a new security topic? Our features articles will bring up up-to-date on everything from buffer overflows to SE Linux policy development.

Discover LinuxSecurity Features

Know The Enemy: Upgrade Your Threat Detection Strategy with Honeynets - Conclusion

Article Index

Know The Enemy: Upgrade Your Threat Detection Strategy with Honeynets - Conclusion

Conclusion 

Honeynets are a type of honeypot designed to gather information - specifically the tools, tactics and motives of the blackhat community. This information can be used to protect organizations against various threats. There are two design differences between traditional honeypots and a Honeynet. The first difference is that a Honeynet is not a single system, but a network of multiple systems and applications. The second difference is that Honeynets are production systems - the same systems found on the Internet. Neither the systems nor the vulnerabilities are emulated. This combination makes Honeynets an excellent research tool. However, Honeynets require a tremendous amount of administrative overhead. The Honeynet administrator has the responsibility of ensuring that no other systems will be attacked from a compromised Honeynet. LinuxSecurity Founder Dave Wreski evaluates the risks and benefits associated with deploying Honeynets: “Without proper administration, the risks of using a Honeynet may outweigh the reward. This tool is not a cure-all or a “band-aid” for fundamental security flaws, and it may not be a suitable solution for every organization. Organizations should first focus on securing their systems. Once secured, they may then be able to utilize Honeynets as a powerful tool to take the initiative and learn more about both the enemy and themselves.”

Comments (0)

There are no comments posted here yet

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.