What’s a “honey client?” Not one that pays on time. Nor a term that a very badly behaved woman on a seedy backstreet would use to describe one of her customers.
I am talking about the practice of placing a bit of software on your enterprise network that can function as “bait” for unauthorized malware attacks.
An article on the InfoWorld website touts the advantages of honeypots as a type of early warning resource that can guard your enterprise network against attackers.
The honeyclient is at the source of all this. It is a type of honeypot that imitates the regular series of steps a user would follow when visiting a Web site- perhaps yours. This honeyclient can be left vulnerable to attacks. When the honeyclient senses an attempted malware attack it can send out an alert that triggers a higher degree of security. At times, honeyclients can even point you back to the source of the attack.
For all its security breaches, Microsoft is known for one of the more useful honeyclient regimens. This is done for Microsoft’s own website via the Strider HoneyMonkey Project.
“Malware and rogue links, new and old, are reported to other Microsoft teams,” writes InfoWorld’s Roger Grimes. “Based on those details, malicious Web sites are shut down, products are updated, and security teams educated.”
If you are interested in deploying your own honeyclient solution, you can download the Microsoft Strider URL Tracer With Typo-Patrol from this link.
“When a user visits a Web site, her browser may be instructed to visit other third-party domains without her knowledge,” the explanation on the Strider site notes. “Some of these third-party domains raise security, privacy, and safety concerns. The Strider URL Tracer, available for download, is a tool that reveals these third-party domains, and it includes a Typo-Patrol feature that generates and scans sites that capitalize on inadvertent URL misspellings, a process known as typo-squatting.”