Wednesday, May 16, 2007

Open proxy honeypots

Most of us probably don't run open proxies ourselves - but if you're a higher education security analyst, you probably have at least one on campus, even if you'd prefer not to. That means that your threats may come from inside your border, and worse, that it may be open on purpose.

What do they get used for? Well, a great way to find out is to make an open proxy honeypot.

What can you do with an open proxy acting as a honeypot? Here's a great example - Ryan Barnett from the Web Application Security Consortium has a very interesting presentation available about traffic they observed through a proxy honeypot. It is well worth the read.

Most of us are headed down a road to securing the business side of our institutions, but the academic and student sides are often more problematic. We'll continue to see open proxies, both on our networks, and in use by our users. The good news is that the next time someone asks you about the dangers of open proxies, you'll have an excellent case study in hand.

No comments: