A new type of honeypot will trap intruders who attack wireless networks

I've discussed honeypots several times in the Security UPDATE newsletter. Now, several organizations are developing another type of honeypot to trap intruders. The Science Applications International Corporation (SAIC) has established the Wireless Information Security Experiment (WISE), which runs under the 802.11b wireless communication specification. According to SAIC, the new wireless honeypot network "sits behind a device where all inbound and outbound data is controlled and captured. \[The\] information is then analyzed to learn the tools, tactics, and motives of wireless system exploitation in order to develop information security tools and defenses."

In the March 27, 2002, edition of Security UPDATE, I discussed "war driving", a phrase that describes the act of driving around with a wireless connectivity device with an antenna attempting to connect to unprotected wireless LANs (WLANs). SAIC's wireless honeypot is a response to intruders who perform war driving. WISE will be located in a major metropolitan area in which war drivers often search for vulnerable networks. The WISE honeypot network, designed to "develop effective information security, intrusion detection, and incident response, and forensic methodologies for wireless networks," will consist of several bridged wireless nodes designed to cover a large city area. SAIC will eventually connect the wireless honeypot to a satellite broadband system that will in turn connect the initial honeypot network to a similar network in another major city.

SAIC's wireless honeypot is part of the Honeynet Research Alliance, a group of organizations "actively researching, developing and deploying Honeynets and sharing the lessons learned." The alliance currently consists of 10 organizations around the world, each of which is involved in various aspects of honeypot development and research. Alliance members include the South Florida HoneyNet Project, Nodal Intrusion Forensics Technology Initiative, Incidents.org Virtual Honeynet Project, Paladion Networks Honeynet Project, Internet Systematics Lab Honeynet Project, SAIC Wireless Honeynet, AT&T Mexico Honeynet, NetForensics Honeynet, Azusa Pacific University Honeynet, and the Brazilian Honeynet Project. Check out the Web site, especially if you're considering establishing a honeypot or honeynet of your own. For Windows & .NET Magazine articles about honeypots, visit our Web site.

Did you know that Microsoft has changed how users submit vulnerability reports? Formerly, users emailed vulnerability information to secure@microsoft.com. However, the company recently removed that contact address from its Web site and now requests that users contact the company about security vulnerabilities through a Secure Sockets Layer (SSL)-enabled Web form. The new Web form will help the company collect more complete information for vulnerability reports through the many fields that users must complete before they submit a report. For example, when you visit the Web page, you'll find that the form requests information such as OS, additional hardware installed on the system, and installed security patches and service packs. The form also provides space in which to describe how someone could mount an attack by using a given flaw and what results would occur. Be sure to look at the new form. During the transition to the new Web form, the company will still monitor the secure@microsoft.com email address.