Archive

Posts Tagged ‘honey pot’

Security Lessons from Nature – Autotomy

February 16th, 2010 Josh No comments

Autotomy is the fancy name that people give to the well-known tendency for certain lizards to throw off their tails to escape predators. The theory, is that the tail will thrash around and distract the predator, thereby giving the lizard a chance to get away. It must be noted that other critters like octopuses, crabs and some starfish also do this, as do sea cucumbers. (Though the sea cucumbers eject their internal organs instead.)

So what does this mean in the business/IT world? Well, the obvious analogy is to distract an incoming attacker by abandoning your resources and letting them go nuts while you relocate your business to Sri Lanka. However, some might consider this approach somewhat impractical.

However, if we stretch the analogy to the point of breaking (much like a lizard's tail), perhaps it makes sense to build a business strategy around distracting attackers. There are some technologies that could assist with this. A honeypot is often used to trap attacks so that people can learn from them. This has become even easier now that virtualization has become prevalent. All you have to do is join one of many projects and you'll have a nice fake network to distract attackers.

Another technique is tarpitting. This technology looks at incoming connections, and if they are not approved, it doesn't reject them right away, but instead extends the time before the connection is closed. Thus, attackers are delayed and, in theory, you gain the time to build a defense.

In practice, of course, you need to actually be watching for the attack and take defensive action. This technique wouldn't work very well if the lizard dropped it's tail and then stared dumbly as the dog wrestled the tail into submission, ate it, digested it, napped for a bit, woke up, got a bit hungry than then saw a nearby tasty tailless lizard. So, if you decide to go after this option, you have to remember to "run and hide". In other words, keep an eye out for the attacks and be ready to block them.

Tags: , ,

Related posts

Categories: Natural History Tags: , ,

Security Lessons from Nature – Glow Worm Cave

January 26th, 2010 Josh No comments

Those of you that have seen the series Planet Earth are probably aware of the glow worm cave. (Those of you that have not have some TV watching to do.) This is a cave full of cute little glow worms that make a light pattern on the ceiling of the cave that is reminiscent of the night stars. It's a beautiful sight to stare up at those little glittering pinpoints of lights.

Of course, that's the tourist spiel. In actuality, the "glow worms" are larval gnats that produce mucus and spin out long threads to entrap moths. When a moth becomes deluded by the mights and becomes trapped in the sticky threads, the larvae pull up the moth and liquefy and suck out their internal organs. After secreting mucus and dining upon moths for up to a year, they transform into gnats whereupon they mate and die... which seems like a lot of work to me, but then, I tend not to be consulted in matters such of this.

However, the lesson here is a good one. Namely, it's probably not worth travelling all the way to New Zealand to visit the the phosphorescent snot worm cave. However, a deeper lesson is that light attracts bugs. (Sure, I could have blogged about the moth and the candle, but then I'd not be able to talk about glow worms.) If you want to know something about the insects that inhabit a cave, just put out a light and see what comes visiting.

We do that in I.T. security to help identify the attackers that are on the Internet. We call them honeypots, which is likely a reference to Winnie the Pooh (I hope), but since I am not (yet) linking children's literature to security, we'll ignore that bit for now. Instead, we'll take a quick look at the value of Lepidopterisy. Just as a scientist can look at the types of moths ensnared in sticky mucusy silk and learn a lot about the ecology cage, a security researcher can examine the malware and attacks found within a honey pot and learn a lot about the sorts of attacks that they may be subjected to.

By creating your own honey pot, you get a chance to deal with attacks before (hopefully) they impact your production systems. However, just like fungus gnats larvae don't ignore the moths that stumble into their "webs" (strings, really), in order for this to be effective, you can't ignore what gets caught in the honey pot either.

Tags: , ,

Related posts

Categories: Natural History Tags: , ,