HoneyPoint Helps Identify Misconfigurations

One of the unexpected side effects of HoneyPoint deployments has been the discovery of misconfigured applications and hardware in the network. Many customers have identified several applications and devices that were either not configured properly or were acting in unexpected and undocumented ways. HoneyPoint clients have been giving us great feedback that this has helped them rein in this wrongful behavior and that they would likely never have known about it if they had not deployed HoneyPoint.

Some of the items they have discovered include web applications that open return sessions to port 80 or 443 on the host, often for no apparent reason; illicit web requests to domain servers caused by misconfigured SQL and LDAP controls; and even a couple of applications that performed simplistic host port scans in odd attempts to identify the originating host or to use the results as a “host fingerprint”. Neither of these is an effective mechanism for access control.

Clients have also told us that HoneyPoint has helped them find hosts that are not obeying the standard rules of their environment. For example, one client moved their DNS server from the DNS location assigned by DHCP and then changed the DHCP server. A few days later, he stood up a port 53 HoneyPoint to capture hosts that had set their DNS as static instead of using the established DHCP method. Doing so helped him clean up some hosts that remained in older configurations and even identify a help desk technician who was not configuring systems in accordance with their standards. They claim that HoneyPoint was an incredible tool in helping them find the hosts that were just not up to par.
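The port 53 listener in the DNS example above can be sketched as follows. This is an added example, not HoneyPoint code or anything from the product: the function names (`parse_query`, `tally`, `build_query`, `listen`) are hypothetical, and it assumes plain UDP queries arriving at the retired DNS address.

```python
# Added illustration, not HoneyPoint code; names and sample data are assumed.
import socket
import struct
from collections import defaultdict

def parse_query(packet):
    """Return (txid, qname, qtype) for a DNS query, or None if malformed."""
    if len(packet) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set: a response, not a query
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            return None
        length, pos = packet[pos], pos + 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):  # reject pointers/overruns
            return None
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        return None
    qtype = struct.unpack("!H", packet[pos:pos + 2])[0]
    return txid, ".".join(labels) or ".", qtype

def tally(events):
    """Map each source IP to the sorted set of names it asked for."""
    seen = defaultdict(set)
    for src, packet in events:
        parsed = parse_query(packet)
        if parsed:
            seen[src].add(parsed[1])
    return {src: sorted(names) for src, names in seen.items()}

def build_query(txid, name, qtype=1):
    """Build a constructed sample query (test data, not captured traffic)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    body = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + body + b"\x00" + struct.pack("!HH", qtype, 1)

def listen(addr, port=53):
    """Log every host that still sends DNS queries to the retired address."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((addr, port))
        while True:
            packet, (src, _) = sock.recvfrom(512)
            print(src, parse_query(packet))
```

Any source address that shows up in the output is a host still pointing at the old resolver, which is the cleanup list the client in the example was after.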

As the product matures, we continually get more and more feedback from clients about innovative uses for the tools. If your organization has leveraged HoneyPoint in new ways, please let us know so we can share them with others who may be able to benefit from the idea. As always, thanks for the attention to the product. We truly love the feedback and the incredibly warm response it continues to receive from people and organizations around the world!

This entry was posted in General InfoSec by Brent Huston.

About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!