December 2004 Archives

December 1, 2004

Informative Security Oriented Webcast from SANS - Dec 1, 2004

SANS Institute Free Webcast: Honeypots

Today I listened to this live webcast by Lance Spitzner, founder of the Honeynet Project. I've read a lot of Lance's stuff before so it was kind of exciting to hear him speak, in a really geeky sort of way.

You'll have to register to hear the webcast; registration is free. Spitzner has an interesting background, and I'm always interested to hear the military-style tactical assessments of IT security incidents. According to his bio at http://www.spitzner.net/ he sounds a little like me, now...

"Lance Spitzner enjoys learning by blowing up his Unix systems at home. Before this, he was in the Army where he blew up things of a different nature."

(I was never in the Army but my Dad was, so I think I understand what he means there too. Artillery.)

I was pleased when I knew what they were talking about when they discussed tarpits. It's also really great to hear him talk about honeypots and honeynets because he's such a passionate advocate of the technology. I won't bother you with the details of what a honeypot is; this post isn't really about that.

If you're technically inclined and want to know, the webcast is archived and well worth about an hour's listening to get a thorough introduction to the technology and some Open Source implementations.

If you're not technically inclined, imagine a computer on the network that is designed to catch unauthorized users, sort of like when Winnie the Pooh gets his head stuck in a HONEY POT.

December 26, 2004

Holiday Gift from the Honeynet Project - Dec 26, 2004

In my last post I mentioned a webcast about honeynets and honeypots by Lance Spitzner. Last week he posted a short report titled "Know Your Enemy: Trend Analysis", which is an analysis of data collected by the Honeynet Project. (It is one answer to the question, "what does one do with a honeypot?")

http://www.honeynet.org/papers/trends/life-linux.pdf

The report says that some unpatched Linux machines remained on the Internet uncompromised for up to three months. This is considerably longer than I would have predicted.