I spent the past few days in Mexico City participating in the annual meeting of the Honeynet Project, an international group dedicated to developing and deploying technologies that collect intelligence on the methods malicious hackers use in their attacks. The event brought in experts from around the globe, and our hosts — the National Autonomous University of Mexico (in Spanish, UNAM) were gracious and helpful.
As it happens, honeynets and other “deception technologies” are among the approaches discussed in the following document, written by the National Security Agency‘s Information Assurance Directorate. A source of mine passed it along a while back, but I only rediscovered it recently. I could not find a public version of this document that was published online previously, so it has been uploaded here.
The 605-page PDF document reads like a listing of the pros and cons for a huge array of defensive and counterintelligence approaches and technologies that an entity might adopt in defending its networks. Of particular interest to me was the section on deception technologies, which discusses the use of honeynet technology to learn more about attackers’ methods, as well as the potential legal and privacy aspects of using honeynets. Another section delves into the challenges of attributing the true origin(s) of a computer network attack.
The document is a final draft from back in 2004, although I’m told the final version of the document varies little from this copy. In any event, it may be surprising to some to see how many of the techniques, technologies and challenges detailed in this document remain relevant and timely six years later. It is embedded in this blog as a Scribd file, viewable after the jump (the document is > 5mb, so please be patient). I removed the Scribd embedded PDF, because it was causing problems for too many readers. The full PDF is available at this link here.