KPN will deploy this year honeypots to better understand the process of cybercriminals, as the telecom provider's own website announced . "Honeypots are an example of how we as KPN keep abreast of methods and tools of attackers," said Jaya Baloo, Chief Information Security Officer.
A honeypot is a mostly deliberately vulnerable machine attached to the Internet. Then can be monitored how attackers trying to break into the machine. To ensure that an attacker through the honeypot no other servers in the network attacks that are run in a restricted environment. KPN uses Linux Containers (LXC). Each process gets its own container where only a limited area is accessible, according to a report ( pdf ) where the honeypots are defined.
Log data are moved to the storage directly to another container. KPN also makes the setup using a routing container. This container is responsible for Network Address Translation (NAT) between the individual honeypotcontainers and the outside world. Additionally, the program runs continuously tcpdump to save traffic to the honeypot and study in the case provides the honeypot itself is not enough information.
Location
According to KPN plays in deploying honeypots location is key. "It is important to have a clear idea of where you want to place your honeypots before you start to build, because the location eventually largely affects how useful you will be honeypot datas." KPN has a number of physically separate networks with different functions. Based on these features, the locations were chosen where the honeypotservers to start running. "If we know how and why criminals and hackers to penetrate our systems, we can take action," said Baloo. "Everything for a safer network."
No comments:
Post a Comment