Category Archives: HoneyPoint

How Honeypots Can Help You

Posted on by
Reply

A honeypot is a trap set to detect or deflect attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information that would be of value to attackers.

It is important to note that honeypots are not a solution in themselves. They are a tool. How much they can help you depends upon what you are trying to achieve.

There are two different types of honeypots: production and research. Production honeypots are typically used by companies and corporations. They’re easy to use and capture only limited information.

Research honeypots are more complex. They capture extensive information, and used primarily by research, military, or government organizations.

The purpose of a production honeypot is to mitigate risk to an organization. It’s part of the larger security strategy to detect threats. The purpose of a research honeypot is to collect data on the blackhat community. They are used to gather the general threats against an organization, enabling the organization to strategize their response and protect their data.

The value of honeypots lies in its simplicity. It’s technology that is intended to be compromised. There is little or no production traffic going to or from the device. This means that any time a connection is sent to the honeypot, it is most likely to be a probe, scan, or even attack. Any time a connection is initiated from the honeypot, this most likely means the honeypot was compromised. As we say about our HoneyPoint Security Server, any traffic going to or from the honeypot is, by definition, suspicious at best, malicious at worst. Now, this is not always the case. Mistakes do happen, such as an incorrect DNS entry or someone from accounting inputting the wrong IP address. But in general, most honeypot traffic represents unauthorized activity. What are the advantages to using honeypots?

  1. Honeypots collect very little data. What they do collect is normally of high value. This eliminates the noise, making  it much easier to collect and archive data. One of the greatest problems in security is sifting through gigabytes of useless data to find something meaningful. Honeypots can give users the exact information they need in a quick and easy to understand format.
  2. Many security tools can drown in bandwidth usage  or activity. NIDs (Network Intrusion Detection devices)  may not be able to handle network activity, and important data can fall through the cracks. Centralized log servers may not be able to collect all the system logs, potentially dropping logs. The beauty of honeypots is that they only capture that which comes to them.

Many of our clients swear by our HoneyPoint family of products to help save resources. With its advantages, it’s easy to see why! Leveraging the power of honeypots is an excellent way to safeguard your data.

Mobile Directory scanning efforts

Posted on by
Reply

The HITME has been abuzz with alerts from around the globe of scans attempting to find various mobile directories on HoneyPoint hosts. Here is a list of targets that are being checked for:

/iphone
/m
/mobi
/mobile

While no scanner signatures or identifiers are being sent with the probes, it’s still cause for concern over the recent surge in interest of these directories. Web Admins should check their servers for these signatures. You can do so using our BrainWebScan tool if you would like (FREE). You can copy and paste the signatures from this page into the brain file and scan your environments for these targets.

Project Honey Pot Finds Malware – And So Does MicroSolved’s HoneyPoint #Security Server

Posted on by
Reply

Project Honey Pot, a non-profit grassroots community of IT professionals founded in 2004 to capture and analyze malicious traffic, just captured its one billionth spam message. It is marking the opportunity by releasing its findings. They discovered that the number of computers co-opted as part of botnet operations has experienced a yearly average increase of 378%.

“Fortunately, Project Honey Pot’s coverage of active botnets has grown over time at an even faster rate. In 2006, we saw less than 20% of the active bots on any given day. Today we see more than 80%”, the Project said. Project Honey Pot is on a quest to find where spammers hide. They used the fact that botnet computers are primarily utilized for sending spam to do data analysis. It took the number of infected PCs in a country, divided by the number of Project Honey Pot members in the country, to create a ratio showing how friendly that country was to spam originating within its borders.

The Project also found that different types of spam campaign used harvested messages with varying speed. Product-based spam campaigns would build up a collection of harvested addresses for as long as a month before mailing them. On the other hand, they found that ‘fraud’ spammers who commit phishing scams, tended to send to and discard harvested addresses almost immediately.

We’re aware of these issues and have a potent weapon against such threats. Our HoneyPoint Security Server has been praised by our clients in helping them by providing more direct, targeted information on threats than anything they’ve experienced. HoneyPoint Security Server was born out of a three year initiative to break the attacker cycle. Its power and flexibility come from the underlying realization that attackers have a need for confidentiality, integrity and availability too. HoneyPoint leverages these needs and turns the tables on attackers at every opportunity.

While HoneyPoints seek to remove the confidentiality of attackers, we wanted to go beyond that basic approach. To accomplish this, MSI invented HornetPoints and HoneyPoint Trojans. HornetPoints also emulate typical services, but when they are probed, they don’t just alert – they engage in a patent- pending technique called “defensive fuzzing” that actively tampers with the attack results. In many cases, this actually breaks attacker tools and confuses all but the most focused of cyber-criminals.

HoneyPoint Trojans also make assaults on attacker integrity. These common appearing documents and files look just like any other juicy bits of target data, except these files hold a special secret – a sting. HoneyPoint Trojans alert security teams when they are interacted with, allowing you to find the source of illicit behavior and even track who is doing what as the Trojan is passed through the attacker underground. Imagine the impact that HoneyPoint Trojans have when attackers are afraid to read captured documents, unable to sort out what is real and what is a trap.

HoneyPoint Security Server can even target attacker availability. Using the incredibly flexible plugin architecture, it can easily be integrated with existing defense-in-depth tools such as routers, switches, firewalls and SEIM products. It can alert administrators for human responses or be a part of a fully automated security solution. Many of our clients depend on HoneyPoints and HornetPoints to drastically reduce their risk levels. Wouldn’t you love to stop wasting time by chasing ghosts and instead chase the real thing? Why not contact us today and let us help you do the same? Hackers aren’t waiting. Neither should you.

HoneyPoint a Semi-Finalist for Innovation Awards in Columbus

Posted on by
2

HPSS

MSI is proud to announce their nomination in the annual Innovation Awards, sponsored by TechColumbus, which recognizes outstanding achievements in technology leadership and innovation. HoneyPoint, MicroSolved’s flagship software, has been nominated for Outstanding Product for companies with 50 employees or less.

On Thursday, February 4, 2010 the annual TechColumbus Innovation Awards will showcase Central Ohio’s many achievements by honoring its top innovators. It is a night of networking, prestige, and celebration.  From a record number of nominees, winners in 13 award categories will be announced to an audience of 1,000+ attendees.

MicroSolved, Inc. is proud to be a Semi-Finalist in the Outstanding Product category. “It is an honor to be a Semi-Finalist for this award and to be recognized for our innovations. We look forward to the event and being surrounded by our peers, colleagues and mentors to learn if we will be named Outstanding Product,” commented Brent Huston, CEO and Security Evangelist.

Huston developed HoneyPoint Security Server three years ago, motivated by a keen desire to break the attacker cycle. Huston concludes, “Attackers like to scan for security holes. HoneyPoint lies in wait and traps the attacker in the act!”

The TechColumbus Innovation Awards celebrate the spirit of innovation by recognizing outstanding technology achievements in Central Ohio. This prestigious evening showcases the region’s advancements and promising future. For more information, visit http://www.techcolumbusinnovationawards.org or www.techcolumbusinnovationawards.org. For more information on HoneyPoint, please visit http://microsolved.com/2009/HoneyPoint.html.

HoneyPoint Security Server Console 3.00 Released

Posted on by
Reply

This is an informal notice to the readers of the blog and the Twitter feed that we have made the 3.00 console release available on the FTP site. You can get the latest version using the credentials shipped with your original purchase.

Installation and upgrade is through the normal processes. Please let us know if you have any questions. A formal announcement and press release will be forthcoming tomorrow, but we wanted to give our readers a chance to grab the code before the onslaught begins. 🙂

Thanks to everyone who participated in the 3.00 testing and we are very happy to make this available. The next release will likely be the 3.00 version of the newly consolidated HoneyPoint Agent and Configuration Utility. More on that in the near future!

HoneyPoint Appliance and Virtual Appliance Growing

Posted on by
Reply

I was so pleased with the news from my team yesterday that we are just about ready for the formal release of the HoneyPoint physical appliance. We are putting the final polish on the devices and they will be ready for release by the end of next week.

The virtual appliance is now going into its 2.0 architecture. The appliance has been rebuilt from scratch, hardened and reconfigured. It is also ready for shipment.

Special thanks to Adam for his work on completing these “decoy hosts” for folks that don’t want to put HoneyPoints on their production servers. His work is pushing HoneyPoint to the next stage of evolution and is much appreciated!

You can get both the virtual appliance and the physical appliance as a part of HoneyPoint Security Server and through the Managed HoneyPoint service as well. Drop us a line or give us a call to learn more about either of these programs!

HoneyPoint Cracks with a Hidden Cost

Posted on by
Reply

OK, so we have been aware of a couple of cracked versions of HoneyPoint Personal Edition for a while now. The older version was cracked just before the 2.00 release and made its way around the torrent sites. We did not pay much attention to it, since we believe that most people are honest and deserve to be trusted. We also feel like people who value our work will pay the small cost for the software and those that just want to play with it and are willing to risk the issues of the “warez” scene would not likely buy it anyway….

However, today, someone sent me a link to a site that was offering a crack for HoneyPoint Personal Edition. The site was not one I had seen before, so I went to explore it. I fired up a virtual lab throw away machine and grabbed a copy of the crack application.

As one might expect, the result was a nice piece of malware. Just for grins, I uploaded it to Virus Total and here is the result:

http://hurl.ws/432e

Now, two things are interesting here. First, the crack is not even real and does not work. Second, once again, the performance of significant anti-virus tools are just beyond poor. 6 out of 41 products detected the malware in this file. That’s an unbelievably low 14.6% detection rate!

The bottom line on this one is that if you choose to dabble in the pirate world, it goes without saying that, sometimes you will get more than you bargained for. In this case, trying to get HoneyPoint Personal Edition for free would likely get you 0wned! Ahh, the hidden costs of things…..

If you are interested in a legitimate version of HPPE, check it out here.

In the meantime, true believers, take a deep breath the next time your management team says something along the lines of “…but, we have anti-virus, right…” and then start to educate them about how AV is just one control in defense in depth, and not a very significant one at that…

HoneyPoint Managed Service Now Available

Posted on by
Reply

The initial private launch is complete, and the public launch has begun. HoneyPoint Security Server is now available as a managed service!

HoneyPoints can be deployed as software on your internal existing servers and workstations or on our VMWare virtual appliance. We manage the console and deliver real time email alerts, support and advice on security incidents. Incident response consulting and handling help is also available at a reduced hourly rate to HP Managed Service clients.

In addition to leveraging the power of HoneyPoints and HornetPoints, you also get easy, automated monthly reporting to make your life as an IT administrator or security team member easier.

As a special introductory price for readers of the blog, our newsletter and friends of the firm, you can sign up now for HoneyPoint Managed Services for as low as $99.00 (US) per month. Plus, for being a supporter of MicroSolved and our efforts, we will waive the setup fee ($195.00 normally) if you join the program before the end of July, 2009!

Interested in putting the power of the HoneyPoint Hive to work for your organization? Give us a call (614-351-1237 x206) or drop us a line (info@microsolved.com) and learn more about how to get more security with the least amount of effort. We’ll be happy to share our success stories with you. We look forward to working with your team!

New Web Scanner Patterns

Posted on by
Reply

The HITME has begun to pick up a new web scanning pattern from sources primarily in Europe. The pattern is assuming the spread and slow increase as usual with these simple PHP or web application scans.

Here is the list of targets that the scanner is checking for:

//phpMyAdmin/main.php

//phpmyadmin/main.php

//pma/main.php

//admin/main.php

//dbadmin/main.php

//mysql/main.php

//php-my-admin/main.php

//myadmin/main.php

//PHPMYADMIN/main.php

Note that this scanner does not have the big two scanning signatures that we are used to seeing from Toata and Morfeus. No scanner name or identifier is sent during the probes.

Web Admins should check their servers for these signatures. You can do so using our BrainWebScan tool if you would like. (FREE) I will publish a brain file for this as soon as possible, or you can cut and paste the signatures from this page.

Super Secret Squirrel Pics of the New HoneyPoint Appliance

Posted on by
Reply

Here is a super secret picture of the soon to be released HoneyPoint appliance. The worker bees are hovering all around the hive and making last minute adjustments to the initial release.

I managed to snap this quick pic with my camera before they began to sting me. I hope you enjoy the preview.

The HoneyPoint appliance will likely be available late summer. Stay tuned for more info the details settle.

Tiny isn’t it?!!!

IMG_0376.JPG