The idea of ‘fighting back’ against hackers is both scary and risky business. Most security professionals would strongly advise against it, in part because one false move could land you behind bars. But ‘fighting back’ doesn’t have to translate into attacking an attacker’s IP address, setting up lethal traps for hackers, or purposely damaging systems--it’s about defending your own networks, while working to identify and gather evidence of the attack and attackers.
Tenable’s Paul Asadoorian will be presenting alongside John Strand, Senior Instructor with the SANS Institute, on this topic at RSA today, March 1, 2012. They’ll share practical advice on how to responsibly integrate offensive measures into your network security strategies. They’ll also cover legal considerations, relevant case studies of people and organizations that strategically (and legally) fought back, sensible techniques, and strategies for determining if offensive countermeasures are right for you.
Here’s a quick look at three ‘offensive’ strategies Paul and John will cover in the presentation:
- Annoyance: The presentation will include tips on how to set HoneyPot traps, find vulnerabilities with hacker’s tools and build those exploits into your websites, set up infinitely recursive directories that send scripts into an endless loop, and set traps for malicious spiders (while gently nudging Googlebots away from danger). Ruining a hacker’s afternoon is certainly fun, but its serves a practical purpose, too--preventing cybercriminals from effectively scanning and monitoring your systems.
Attribution: Gaining insight on your attacker puts you in a better position to defend your network, and arms attorneys with the evidence they need. Paul and John will share techniques to get the info you need, and more importantly, make sure that your traps aren’t giving hackers a launch pad for additional attacks.
Attack: The goal is to get inside and collect information on what the attacker is doing. They’ll show you how to get a hacker to load a ‘malicious’ Java Application (with non-damaging commands), and prevent the hackers from redirecting your users.
Disclaimer: Before you test out these strategies for fighting back, consult with your company’s legal and management teams. Going rogue can be fun; it can also get you in serious trouble if you’re not careful.