Latest news
The EU cyber security Agency ENISA is launching an in-depth study on 30 different digital traps or honeypots that can be used by CERTs to proactively detect cyber attacks. The study reveals barriers to understanding basic honeypot concepts and presents recommendations on which honeypot to use.An increasing number of complex cyber attacks demand better early warning detection capabilities for CERTs. Honeypots are, simplified, traps with the sole task of luring in attackers by mimicking a real computing resource (e.g. a service, application, system, or data). Any entity connecting to a honeypot is deemed suspicious, and all activity is monitored to detect malicious activity.
This new study presents practical deployment strategies and critical issues for CERTs. In total, 30 honeypots of different categories were tested and evaluated.
Goal: to offer insight into which open source solutions and honeypot technology are best for deployment and usage.
Since there is no silver bullet solution, this new study has identified some shortcomings and deployment barriers for honeypots: the difficulty of usage, poor documentation, lack of software stability and developer support, little standardisation, and a requirement for highly skilled people, as well as problems in understanding basic honeypot concepts. The study also presents a classification and explores the future of honeypots.
The Executive Director of ENISA Professor Udo Helmbrecht commented: “Honeypots offer a powerful tool for CERTs to gather threat intelligence without any impact on the production infrastructure. Correctly deployed, honeypots offer considerable benefits for CERTs; malicious activity in a CERT’s constituency can be tracked to provide early warning of malware infections, new exploits, vulnerabilities and malware behaviour, as well as give an opportunity to learn about attacker tactics. Therefore, if the CERTs in Europe recognise honeypots better as a tasty option, they could better defend their constituencies’ assets.“
For an interview with Professor Udo Helmbrecht check out the September issue of (IN)SECURE Magazine.
Spotlight
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Is Microsoft is reading your Skype communications?
Posted on 15 May 2013. | The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.
Internet Explorer best at blocking malware
Posted on 14 May 2013. | While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.
Researcher refuses to help Saudi telco to spy on people
Posted on 14 May 2013. | You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.
Malicious browser extensions are hijacking Facebook accounts
Posted on 13 May 2013. | Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
