The Web    Google
AntiOnline Security Spotlight: Firewalls and Honeypots

AntiOnline Security Spotlight: Firewalls and Honeypots
August 21, 2003

AntiOnline: Maximum Security for a Connected World

O.K., so you're fed up with all of those nasty worms. Perfectly understandable. This week, we switch gears and turn our attention to an area of AO dedicated to firewalls and honeypots.

We'll skip the Firewall 101 song and dance and jump right in to take a look at a discussion on firewall recommendations. See why some AO's members employ one over the other and discover the reasons for their devotion to certain brands of network protection.

Honeypots, on the other hand, are systems that are intentionally "underprotected", or at least that's the way it seems to outsiders. The reason for this is simple: research. Like a National Geographic cameraman behind a duck blind, security experts monitor their honeypots to spy on the latest weapons in a hacker's arsenal.

This type of "in the field" observation is a gold mine for IT staffers in charge of networks (think banking, finance) that make tempting targets for unscrupulous attackers.

Sure, it may seem like the something out of the latest cloak-and-dagger techno-thriller. On the other hand, you'll be glad you don't work for the firm whose network couldn't keep a lid on customer data. Having those headlines dog your company is not how to make a play for that promotion.

Direct links to this week's spotlight threads:

Of Interest:


In the Firewall Recommendations thread, which was born back in May, gunit0072003 outlined the reasons why Netscreen won out in this recent post:

Netscreen was our choice for the following reasons:

1. It implements VPN in hardware (ASIC) unlike Cisco although now Cisco PIX has feature of VPN accelerator card. ASIC is lot faster than implementing in software.
2. Manageabilty a lot better than Cisco PIX. Cisco was a pain to manage as the rules list increased...
3. Netscreen allows you to take an interface (ex: gig interface) and break it up into multiple sub interfaces thus allowing you to create many DMZs without buying additional hardware... Csico does not have that feature, in fact, the maximum number of interfaces on the PIX525 was, I believe, around 15-17 (and that's the high end expensive platform.)

Help update and drop a recommendation or two.

tonybradley kicked off this honeypot discussion by pointing out an online paper on how to get some enjoyment out of your honeypot while guarding the systems under your watch. A worthwhile read.

Jason Larsen and Alberto Gonzalez have published a paper on honeypots at


....Honeypots can be used to ensnare and beguile potential hackers; entice them to give you more research information, and actively defend your production network.

Read the article for yourself (full link contained within the post) and write back with your impressions!

What is AntiOnline?

AntiOnline (AO) is home to many of the most popular network security discussion forums online. Here, participants engage in candid, thought-provoking and enlightening exchanges on security hazards and how to protect your systems against them.

We invite you to join the AO community (it's free!), share your wisdom and learn a few things in the process. Stay tuned as Enterprise IT Planet spotlights the eye-opening discussions and expert participants that have helped make AO the "go to" online resource for network security.

  • HP Cuts to the Middle of Disaster Recovery
  • 4/8: Cabir-J Worm Affects Symbian Phones
  • Virus Alert: Worm Uses Own SMTP Engine to Spread
  • Can Market Forces Secure the Internet?
  • Linux Security: Tips from the Experts
  • NIKSUN offers a security camera for your network
  • 6/4: Korgo-D Attacks Buffer Overrun
  • Neoteris Extends Gateway Access
  • Security Execs Identify Top Issues for 2005
  • 4/8: Imabut-A Trojan a Floppy Disk Image
  • How hacking has entered the age of mass production.
  • Security Camera Companies and products