RE: honeypot in conjunction with pen test?

From: Aleksander P. Czarnowski (alekc@avet.com.pl)
Date: Wed Jun 05 2002 - 12:15:21 EDT


I don't believe that installing honeypots before pen-test is a really
good idea.

If you consider just technological issues the honeypots don't proof
anything during pen-tests (I assume that the pentester is a pro): many
methodologies adjust to specific situation so at the end different tools
would be used against your honeypot and other parts of the system. On
could argue that it is possible to sniff all of pen-tester traffic to
verify what tests he really performed, but it in almost every case it is
just a waste of your time (unless you like strange learning approaches).

It also takes time and other resources to install before test and remove
honeypot after them. During this process you can unintentionally modify
state of your system so at the end pen-test results won't reflect
current system state.

Honeypot can also attract real attackers and it could lead to several
consequences. One of them is interference with pen-tests.

Just my 2 cents,
Best Regards,
Aleksander Czarnowski
AVET INS

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:22 EDT