Deception will defend IT systems

Infosecurity Europe: We look ahead to the highlights

Infosecurity Europe: We look ahead to some of the highlights of next week's conference

Technologies that deceive hackers by encouraging them to attack imaginary computer systems or trick them into deleting their own data will play an important part in corporate defence systems in the future.

Deception technologies, already in use by the military and some large corporations, are likely to become far more mainstream, Fred Cohen, principal analyst of the Burton Group, will tell delegates at Infosecurity Europe.

The technologies work by analysing the behaviour of hackers and malicious worms and responding with strategies which not only block the attack, but waste the hacker's time by re-directing them to phantom computer systems.

Cohen, who has worked on a number of collaborative studies on deception technology, said deception could add an extra defence layer on top of firewalls and intrusion detection systems.

"The maths and the experimentation indicated that you can dramatically change the equation between the hacker and the defender by using this technology. Controlled experiments show you can increase the attacker's workload and reduce the time taken to defend," he said.

One tool, the Deception Tool Kit, is designed to crash hackers' scanning tools by reporting non-existent services with non-existent vulnerabilities on each company IP address - overloading the tool with information.

Another technology can trick worms into attacking their host computers, said Cohen. It works by sending a mirror copy of every data packet sent by the worm back to the worm. Adding gibberish to the packets can cause the attacking computer to crash.

The US military uses deception walls to create hundreds of imaginary computer platforms to fool hackers. The platforms look exactly like genuine systems but contain no sensitive data.

Another approach is to create virtual computers in the heart of real computers. Hackers can attack it, but with no lasting effect.

Deception is a relatively new field, but its use will take off as people get to grips with studying the behaviour of hackers and worms, said Cohen.

Infosecurity Europe 2004 takes place on 27-29 April at London's Olympia

Read more on IT risk management