Honeypots are network decoys that are closely monitored to detect and/or deflect any unauthorized attempts to gain access to a networked information system. Honeypots “consists of computers data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information that would be of value to attackers” (Audit My pc.org)
Some of the advantages associated with the deployment of honey pots include the fact that they provide “valuable surveillance and early warning tools” (Audit My pc.org). Honeypots collect a very small amount of data, most of which can give accurate information, in a form that is easy to understand. This preciseness makes it easy to analyze and react to any network attack or intrusion. Compared to other intrusion detection systems like firewalls, honeypots are always active as their resources are never used up. This is because they capture a small amount of data, hence making them suitable for monitoring high throughput networks. Besides, honeypots are easy to set up, configure and deploy.
Although honeypots are great tools for monitoring networks, they have some disadvantages, the greatest one being the fact that they have a narrow field of scope. Honeypots detect only those attacks that are directed at them. They possess known characteristics and behaviors that make it easy for attackers to easily identify them. Honeypots put the network at risk, because “once they are attacked, they can be used to infiltrate other systems in the network” (Spitzer). These advantages make honeypots not to be considered effective tools for network security.
Those who oppose honeypots on the basis of entrapments are may not be right. According to the supreme court, entrapment is “the conception and planning of an offense by an officer, and his procurement of its commission by one who would not have perpetrated it except for the trickery, persuasion, or fraud of the officers” (Spitzer) However, Honeypots do not induce attackers to exploit them. But it is the attacker who initiates the process by searching for the system for vulnerability.
Apart from entrapment, the use of honeypots has other ethical issues which include privacy and liability. US privacy law restricts a person’s right to capture another person’s data, in this case, the attacker’s data. This information includes username, password, emails, etc. The other ethical issue is liability where a honeypot is used to attack another system. The owner whose system has been attacked may sue the person who deployed the honeypot for damages.
Worst Computer worm
As of January 16th, 2009, the worst computer worm was Downadup, aka Conficker. It has so far infected over 9 million computers operating on Microsoft operating system since it was unleashed in 2007. At one time the number of infected machines rose from 2.4 million to 8.0 million in just four days. The worm takes advantage of a bug in Microsoft “Windows Server Service that used by Windows 2000, XP, Vista, 2003 and server 2008” (Deutsche Press).
The worm normally searches for a “Windows executable file called ‘services.exe’ and then becomes part of that code” (Deutsche Press). Once the worm become entrenched in a computer, it generates domains and uses one of them to reach “a malicious server from which it downloads additional malware to install on the hijacked computer” (Deutsche Press)
Currently, internet users have to worry about H1N1 computer viruses. “The virus is in form of an email scam that promises to offer the H1N1 vaccine, but end up infecting user’s computer with the virus once they open it” (Five Point Capital). The email can be very deceiving in that it looks like it originates from the CDC. Already FBI has sent out a warning to internet users about the possible threat presented by the H1N1 email scam.
Law Enforcement and Computer Forensic
Current police training does not prepare police to handle computer-related evidence and as such, they are not ready to handle computer crime and evidence. In most cases, police will examine the content of computers in a crime scene and end up tainting the evidence without knowing. Today, the nature of crime has changed and most crimes are carried by the use of computers. These include crimes like tax fraud, child pornography, credit card theft, etc.
Given a chance to reorganize the police department, I would propose changes to the current police training to include basic computer knowledge and skills. I would also use for a budgetary allocation that goes to train a computer forensic squad or unit, competent enough to handle computer-related crimes. I would also encourage information sharing between Computer forensic squad/units in different parts of the country. All police officers will be trained to understand the intricacy of computer crime to reduce the chances of evidence tainting.
Already, there is an of range certification courses designed to train in the field of computer forensic. A police officer can take advantage of this certification. One main hindrance is the cost of the exam which ranges between $500 and $700. Provision of funding for such courses by law enforcement is also a great way of a training police officers to handle computer crimes.