I spent the past few days in Mexico City participating in the annual meeting of the Honeynet Project
, an international group dedicated to developing and deploying technologies that collect intelligence on the methods malicious hackers use in their attacks. The event brought in experts from around the globe, and our hosts — the National Autonomous University of Mexico
(in Spanish, UNAM) were gracious and helpful.
As it happens, honeynets and other “deception technologies” are among the approaches discussed in the following document, written by the National Security Agency
’s Information Assurance Directorate
. A source of mine passed it along a while back, but I only rediscovered it recently. I could not find a public version of this document that was published online previously, so it has been uploaded here.
The 605-page PDF document reads like a listing of the pros and cons for a huge array of defensive and counterintelligence approaches and technologies that an entity might adopt in defending its networks. Of particular interest to me was the section on deception technologies, which discusses the use of honeynet technology to learn more about attackers’ methods, as well as the potential legal and privacy aspects of using honeynets. Another section delves into the challenges of attributing the true origin(s) of a computer network attack.