Network vigilantes feel like striking back

Retaliation ranges from extreme to simply dropping the connectionVigilanticism is on the rise as IT managers, increasingly frustrated by network attacks, are feeling more and more justified in "striking back", an enterprise risk expert told Computerworld.

"We found 65 per cent of IT managers felt that striking back is justified," said Dean Kingsley, partner of enterprise risk services at Deloitte Touche Tohmatsu.

Among network vigilanticism against hacking, denial of service (DoS) and Web site defacement, the degree of retaliation ranges from the extreme - such as issuing counter DoSs against the attacking site - to simply dropping the connection between the company and attacker, Kingsley said.

"However, these measures are counter-productive, as it is easy for an attacker to spoof their identity in covering their tracks," Kingsley said.

In this way companies are fighting back against an innocent third party, an action Kingsley called "legally dubious".

And the most extreme measure an IT manager could take against these attacks is to take the company itself offline, an action unavailable to businesses where uptime is imperative. Instead, Kingsley advocated more sophisticated measures such as building a "honeypot" environment, whereby an attacker is actually encouraged to enter a dummy corporate "room" complete with fake sensitive files and databases.

"Companies currently using intrusion detection systems have three options available to react to an attack, resorting to vigilanticism by shutting the attacker down, shutting themselves down or controlling the attack," Kingsley said.

"Using the latter option, IT managers can turn the actions of would-be intruders against themselves, by logging and monitoring their actions while in this environment and gathering enough information to identify and prosecute the attacker."

Honeypot environments resemble a real corporate network, with configuration settings to allow an intruder to reach the environment but not allow them to leave.

But with the current IT skills deficit and the manually intensive nature of this solution, few companies could afford to resort to such measures.

However, tools are coming onto the market that would make setting up honeypot environments easier, such as Recourse Technologies' Man Trap. Freeware and shareware also exists that achieves the same outcome.

"I would also bet ISS, Accent and Network Associates are gearing up to provide commercial solutions to create honeypot environments," Kingsley said.

Join the newsletter!

Error: Please check your email address.

More about Commercial SolutionsDeloitte Touche TohmatsuDeloitte Touche TohmatsuISS GroupRecourse Technologies

Show Comments