Monday, September 30, 2013

What is a Honeypot?

A Honey Pot system is set up to be easier prey for intruders than true production systems, but with minor system modifications so that their activity can be logged or traced. The general thought is that once an intruder breaks into a system, they will come back for subsequent visits. During these subsequent visits, additional information can be gathered, and additional attempts at file, security and system access on the Honey Pot can be monitored and saved.

Generally, there are two popular reasons or goals behind setting up a Honey Pot:
  1. Since a record of the intruder’s activities is kept, you can gain insight into attack methodologies to better protect your real production systems.
  2. Gather forensic information required to aid in the apprehension or prosecution of intruders. This is the sort of information often needed to provide law enforcement officials with the details needed to prosecute.

The common line of thought in setting up Honey Pot systems is that it is acceptable to use lies or deception when dealing with intruders. What this means to you when setting up a Honey Pot is that certain goals have to be considered. Those goals are:
The Honey Pot system should appear as generic as possible. If you are deploying a Microsoft NT-based system, it should appear to the potential intruder that the system has not been modified, or they may disconnect before much information is collected. You need to be careful about what traffic you allow the intruder to send back out to the Internet, because you don’t want to become a launch point for attacks against other entities on the Internet.

You will want to make your Honey Pot an interesting site by placing "Dummy" information or make it appear as though the intruder has found an "Intranet" server, etc. Expect to spend some time making your Honey Pot appear legitimate so that intruders will spend enough time investigating and perusing the system so that you are able to gather as much forensic information as possible.

If the information gathered from a Honey Pot system is used for prosecution purposes, it may or may not be deemed admissible in court. While information regarding this issue is difficult to come by, having been hired as an expert witness for forensic data recovery purposes.

Another consideration is whether hacking organizations will rally against an organization that has set "traps" and make it a public target for other hackers. Examples of this sort of activity can be found easily on any of the popular hacker’s sites or their publications.

What is Intrusion Detection?

Intrusion Detection can be defined as "the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource." More specifically, the goal of intrusion detection is to identify entities attempting to subvert in-place security controls.

Network Based (Network IDS)
Network-based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior based solely on network traffic. A network IDS collects the packets that traverse a given network using a network tap, SPAN port, or hub. Using the captured data, the IDS processes and flags any suspicious traffic. Unlike an intrusion prevention system, an intrusion detection system does not actively block network traffic. The role of a network IDS is passive: only gathering, identifying, logging and alerting.

Host Based (HIDS)
Often referred to as HIDS, host-based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior on a specific device. HIDS generally involves an agent installed on each system, monitoring and alerting on local OS and application activity. The installed agent uses a combination of signatures, rules, and heuristics to identify unauthorized activity. The role of a host IDS is passive: only gathering, identifying, logging, and alerting.

Physical (Physical IDS)
Physical intrusion detection is the act of identifying threats to physical systems. It is most often seen as physical controls put in place to ensure CIA. In many cases physical intrusion detection systems act as prevention systems as well. Examples of physical intrusion detection controls are:
  • Security Guards
  • Security Cameras
  • Access Control Systems (Card, Biometric)
  • Firewalls
  • Man Traps
  • Motion Sensors
Intrusion Prevention
Intrusion prevention follows the same process of gathering and identifying data and behavior, with the added ability to block (prevent) the activity. This can be done with Network, Host, and Physical intrusion detection systems.
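As an added example (not code from the original post), the passive IDS versus IPS distinction drawn above, written as a toy network sensor in Python: it applies one hypothetical signature and a port-scan heuristic to constructed flow records, alerts in both modes, and only returns a block list when run in prevention mode.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    # One connection summary, as a sensor on a tap or SPAN port would see it (constructed).
    ts: float      # seconds since capture start
    src: str
    dst: str
    dport: int
    payload: bytes


# Signature rule: a hypothetical byte pattern never expected in legitimate web requests.
SIGNATURES = {80: [b"../../etc/passwd"]}
SCAN_WINDOW = 10.0    # seconds
SCAN_THRESHOLD = 5    # distinct destination ports from one source inside the window


def inspect(flows, prevent=False):
    """Passive IDS by default: gather, identify, log (alerts) and nothing more.
    With prevent=True it behaves as an IPS and also returns the flows to block."""
    alerts, blocked = [], []
    recent = defaultdict(list)   # src -> [(ts, dport)] seen inside the scan window
    for f in flows:
        reason = None
        for pat in SIGNATURES.get(f.dport, []):          # signature-based detection
            if pat in f.payload:
                reason = f"signature {pat!r} on port {f.dport}"
        # Heuristic detection: many distinct ports from one source in a short window.
        recent[f.src] = [(t, p) for t, p in recent[f.src] if f.ts - t <= SCAN_WINDOW]
        recent[f.src].append((f.ts, f.dport))
        ports = {p for _, p in recent[f.src]}
        if len(ports) >= SCAN_THRESHOLD:
            reason = f"possible port scan: {len(ports)} ports in {SCAN_WINDOW:.0f}s"
        if reason:
            alerts.append((f.ts, f.src, reason))
            if prevent:                                 # IPS adds the blocking step
                blocked.append(f)
    return alerts, blocked


# Constructed sample traffic: one suspicious web request, a burst of connections
# to five ports from one host, and a late connection outside the scan window.
SAMPLE_FLOWS = [
    Flow(0.0, "10.0.0.5", "10.0.0.80", 80, b"GET /index.html HTTP/1.1"),
    Flow(1.0, "10.0.0.5", "10.0.0.80", 80, b"GET /../../etc/passwd HTTP/1.1"),
    *[Flow(2.0 + 0.5 * i, "10.0.0.9", "10.0.0.80", p, b"")
      for i, p in enumerate((21, 22, 23, 25, 443))],
    Flow(30.0, "10.0.0.9", "10.0.0.80", 8080, b""),   # outside the window, no alert
]

if __name__ == "__main__":
    print(*inspect(SAMPLE_FLOWS)[0], sep="\n")
```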

Wednesday, September 25, 2013

How to boost your malware defense and protect your PC


  1. Install antivirus and antispyware programs from a trusted source
  2. Never download anything in response to a warning from a program you didn't install or don't recognize that claims it will protect your PC or offers to remove viruses. It is highly likely to do the opposite.
  3. Get reputable anti-malware programs from a vendor you trust.
  4. Windows 8 includes antivirus protection called Windows Defender. It’s turned on by default.
  5. If your computer is not running Windows 8, download Microsoft Security Essentials for free.
  6. Choose security software that is compatible with Windows 7.
Update software regularly
Cybercriminals are endlessly inventive in their efforts to exploit vulnerabilities in software, and many software companies work tirelessly to combat these threats. That is why you should:
  • Regularly install updates for all your software: antivirus and antispyware programs, browsers (like Windows Internet Explorer), operating systems (like Windows), and word processing and other programs.
  • Subscribe to automatic software updates whenever they are offered; for example, you can automatically update all Microsoft software. Windows 8 and Windows 7 turn on automatic updating during installation.
  • Uninstall software that you don't use. You can remove it using Windows Control Panel.
Use strong passwords and keep them secret
  • Strong passwords are at least 14 characters long and include a combination of letters, numbers, and symbols. 
  • Don't share passwords with anyone. 
  • Don’t use the same password on all sites. If it is stolen, all the information it protects is at risk. 
  • Create different strong passwords for the router and the wireless key of your wireless connection at home. Find out how from the company that provides your router. 
  • Use our password checker. 
Never turn off your firewall
  • A firewall puts a protective barrier between your computer and the Internet. Turning it off for even a minute increases the risk that your PC will be infected with malware.
Use flash drives cautiously
Minimize the chance that you'll infect your computer with malware:
  • Don't put an unknown flash (or thumb) drive into your PC.
  • Hold down the SHIFT key when you insert the drive into your computer. If you forget to do this, click in the upper-right corner to close any flash drive-related pop-up windows.
  • Don't open any files on your drive that you did not expect to see.
Don't be tricked into downloading malware
Instead, follow this advice:
  • Be very cautious about opening an attachment or clicking a link in an email, instant message, or post on social networks (like Facebook), even if you know the sender. Call to ask if a friend sent it; if not, delete it or close the IM window.
  • Avoid clicking Agree, OK, or I accept in banner ads, in unexpected pop-up windows with warnings or offers to remove spyware or viruses, or on websites that may not seem legitimate. 
  • Instead, press CTRL + F4 on your keyboard to close the window. 
  • If the window doesn't close, press ALT + F4 on your keyboard to close the browser. If asked, close all tabs and don’t save any tabs for the next time you start the browser. 
  • Only download software from websites you trust. Be cautious of "free" offers of music, games, videos, and the like. They are notorious for including malware in the download. 
  • Take advantage of technology such as Windows SmartScreen in Windows 8 designed to help protect you from phishing scams and new malware that your anti-malware software hasn't detected yet.