Tag Archives: email

A Sweet Addition in Your Arsenal of Protections

Perimeter security has made leaps and bounds in detecting and preventing attacks. However, rules and detection methods cannot catch everything. The big question is: what should you do once malware or an attacker is already inside the environment? Answer: honeypots.

They work as an early-alerting system for complex attacks and, when tuned properly, produce very few false positives compared to firewalls, IPS, and IDS: no legitimate user or process has any reason to touch a honeypot, so almost any contact with it is worth investigating. The sole purpose of a honeypot is to be probed, attacked, and compromised. This is accomplished by mimicking a resource, service, application, system, or network. All activity between the honeypot and the malware or attacker is monitored, alerted on, and analyzed. That activity can reveal, among other things, worm or bot scanning, internal threats, compromised nodes, new exploits and vulnerabilities, and new malware samples.
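A minimal low-interaction honeypot, added here as an illustration and not code from the original post: it impersonates a service that nothing legitimate should ever talk to, records every connection, and emits an alert record on first contact. The port, the decoy banner, and the alert field names are assumptions chosen for this example.

```python
"""Minimal low-interaction TCP honeypot (added example, not from the post).

It answers with a decoy banner, reads whatever the client sends first,
and turns every connection into a high-severity alert record.  Port 2222,
the banner text and the alert fields are assumptions for this example.
"""
import json
import socket
import threading
from datetime import datetime, timezone

# Assumption: no legitimate client ever talks to this port, so every hit is an alert.
HONEYPOT_PORT = 2222
BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"   # hypothetical decoy banner


def classify_probe(payload: bytes) -> str:
    """Label what the first bytes from a client look like."""
    if not payload:
        return "connect-only"          # port scanner that only checks the port is open
    if payload.startswith(b"SSH-"):
        return "ssh-client"            # something actually trying to log in
    if payload.startswith((b"GET ", b"POST ", b"HEAD ")):
        return "http-probe"            # web scanner hitting the wrong port
    return "unknown"


def build_alert(src_ip: str, src_port: int, payload: bytes) -> dict:
    """Turn one connection into an alert record suitable for a SIEM."""
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "sensor": "honeypot",
        "severity": "high",            # honeypot hits are high-signal by design
        "src_ip": src_ip,
        "src_port": src_port,
        "dst_port": HONEYPOT_PORT,
        "probe_type": classify_probe(payload),
        "payload_hex": payload[:64].hex(),   # keep a sample for analysis, not the whole stream
    }


def handle_client(conn: socket.socket, addr, sink) -> dict:
    """Serve one connection: send the banner, read the first chunk, emit an alert."""
    with conn:
        try:
            conn.sendall(BANNER)
            conn.settimeout(3.0)
            data = conn.recv(1024)
        except (socket.timeout, OSError):
            data = b""
    alert = build_alert(addr[0], addr[1], data)
    sink(alert)                        # e.g. ship to the SIEM; here: any callable
    return alert


def make_listener(host: str = "127.0.0.1", port: int = HONEYPOT_PORT) -> socket.socket:
    """Create the bound, listening decoy socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(16)
    return srv


def serve_forever(srv: socket.socket, sink=None) -> None:
    """Blocking accept loop; each client is handled on its own thread."""
    sink = sink or (lambda a: print(json.dumps(a)))
    while True:
        conn, addr = srv.accept()
        threading.Thread(target=handle_client, args=(conn, addr, sink), daemon=True).start()


if __name__ == "__main__":
    serve_forever(make_listener())
```

Run it on a host where nothing should be listening on that port and forward the JSON lines to whatever collects your alerts; a single record from this sensor is worth more than a thousand firewall denies, because there is no benign explanation for it.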

Honeypots are one of the most underutilized ways to detect a threat once it has hopped the fence of perimeter security. The email security industry, by contrast, has relied heavily on the honeypot, or spamtrap, as one of its most widely used and effective ways to detect incoming phishing and spam. Perhaps this disparity exists because honeypots in a production environment are commonly viewed as insecure holes that let an attacker into the environment. This should not be the case. A honeypot can be deployed in a normal secured environment or in an isolated DMZ. Obviously, once a threat has been detected by a honeypot, the normal environment can no longer be called secure: the moment a honeypot is compromised, a threat has found a way into your environment and every server on that network is exposed. It should be assumed that anything sharing the network with the honeypot is, or will be, compromised as well. Even in this scenario, you still get the benefit of early alerting about the compromise.

Deploying a properly isolated honeypot is also worth the effort. Based on the information produced through its alerting and reporting, we gain insight into how our operating systems and servers, host protections, and information protections hold up. By monitoring a live infection or attack, we can learn how these areas of the security model are being compromised by threats.

With BYOD being more prevalent every day and attack vectors growing, a detection mechanism such as a honeypot could end up being invaluable.

Matt

Just as a precautionary note: this approach must be implemented with proper expert guidance and strategic planning; otherwise it can introduce unwanted threats into an environment.

Pay Attention!

Preying on quick decisions…pay attention!

I was travelling recently to our nation’s capital for a security conference (there’ll be another article on this topic) and most of my means of communication was through my mobile device. I was quickly scanning my emails when the following LinkedIn invitation came through:

Most enterprise organizations have fairly sophisticated email filters today, but the odd phishing or malware-link-infested message does find its way through. When I receive a suspicious email, I typically look at the telltale signs of a fraudulent email: do I know the sender, who is it being sent to, do I recognize the organization. As you can see from the screenshot above, all of the basic checks passed. Our security awareness training teaches people to hover over the links to see where you’re actually connecting to. However, on a mobile device it’s not quite as easy; with all our fancy touch screens it’s sometimes difficult to select a hyperlink and inspect the final destination. I was able to determine the final destination of the hyperlink via my handheld, but it made me wonder: would other people be so diligent?
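What the hover check does by hand can also be done over the raw HTML of a message, which is handy precisely when the client makes hovering hard. The following is an added example, not code from the original post: it pulls every link out of an HTML body and flags the ones whose visible text claims one site while the href leads somewhere else, plus a couple of cheaper tells (plain http, an IP literal as the host). The sample message is constructed for this illustration and uses reserved example names and a TEST-NET address; the "registered domain" helper is a deliberately crude last-two-labels approximation.

```python
"""Flag links in an HTML email whose visible text disagrees with their href.

Added example, not from the original post.  The sample message below is
constructed; www.example.net and 203.0.113.10 are reserved example values.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels).  Assumption: good enough for .com/.net
    style hosts; a real deployment would consult the public suffix list."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def suspicious_links(html: str, expected_sender_domain: str) -> list:
    """Return the links that deserve a second look before anyone taps them."""
    collector = LinkCollector()
    collector.feed(html)
    brand = expected_sender_domain.split(".")[0]      # e.g. "linkedin"
    findings = []
    for href, text in collector.links:
        target = urlparse(href)
        target_host = target.hostname or ""
        target_dom = registered_domain(target_host)
        reasons = []
        # 1. The text looks like a URL but the href goes to a different domain.
        if "://" in text or text.lower().startswith("www."):
            shown = urlparse(text if "://" in text else "http://" + text)
            if registered_domain(shown.hostname or "") != target_dom:
                reasons.append("display-url-mismatch")
        # 2. The brand is named in the text but the link leaves the brand's domain.
        if brand in text.lower() and target_dom != expected_sender_domain:
            reasons.append("brand-text-offsite")
        # 3. Cheap tells: cleartext http, or a raw IP address as the host.
        if target.scheme == "http":
            reasons.append("plain-http")
        if target_host.replace(".", "").isdigit():
            reasons.append("ip-literal-host")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample: an "invitation" whose accept button goes off-site.
SAMPLE_EMAIL = """
<p>Jane Doe wants to connect on LinkedIn.</p>
<a href="http://203.0.113.10/ln/accept?u=123">Accept invitation</a><br>
<a href="https://www.example.net/r/track">https://www.linkedin.com/in/jane-doe</a><br>
<a href="https://www.linkedin.com/help/">Unsubscribe</a>
"""

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL, "linkedin.com"):
        print(finding)
```

On the constructed sample the first two links are flagged and the genuine help link is not. The display-URL mismatch is the single most useful signal here: a mail client renders the text, but the browser follows the href, and a sender with honest intentions has no reason for the two to disagree.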

Remember the good old days, when some prince in Africa wanted to transfer funds, the email body was written in horrible English, and the sender was some bizarre fellow with a name you’d never heard of? Today’s phishing attacks and malware-link-laden emails are getting quite sophisticated. Pay attention: you never know when an email such as this will find its way into your inbox.

Eugene Ng