Innovative security technique No. 3: Honeypots
Modern computer honeypots have been around since the days of Clifford Stoll's "The Cuckoo's Egg," and they still aren't as
respected or as widely adopted as they deserve. A honeypot is any computer asset that is set up solely to be
attacked. Honeypots have no production value. They sit and wait, and they are monitored. When a hacker or malware
touches them, they send an alert to an admin so that the touch can be investigated. They provide low noise and high
The shops that use honeypots get notified quickly of active attacks. In fact, nothing beats a honeypot for early
warning -- except for a bunch of honeypots, called a honeynet. Still, colleagues and customers are typically
incredulous when I bring up honeypots. My response is always the same: Spend a day spinning one up and tell me how
you feel about honeypots a month later. Sometimes the best thing you can do is to try one.
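
As an added illustration (not code from the original article), here is a minimal low-interaction honeypot in Python: it listens on a port that hosts no production service, never replies, and raises an alert for every connection it receives. The port 2323, the JSON alert fields and the function names are assumptions made for this example.

```python
"""Low-interaction honeypot listener: every connection is, by definition, suspect."""
import json
import socketserver
import threading
from datetime import datetime, timezone

ALERTS = []                  # in-memory record of every touch
_lock = threading.Lock()


def raise_alert(src_ip, src_port, dst_port, first_bytes):
    """Record one touch. There is no allowlist: the asset has no production use."""
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": src_ip,
        "src_port": src_port,
        "dst_port": dst_port,
        # Hex keeps binary probes intact and safe to log
        "first_bytes_hex": first_bytes.hex(),
    }
    with _lock:
        ALERTS.append(event)
        # One JSON line per alert on stdout, for a log shipper or pager hook
        print(json.dumps(event), flush=True)
    return event


class TouchHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(3.0)        # a silent client must not pin a thread
        try:
            data = self.request.recv(256)   # capture only; never reply or parse
        except OSError:                     # includes timeouts and resets
            data = b""
        raise_alert(*self.client_address[:2], self.server.server_address[1], data)


def start_honeypot(host, port):
    """Listen in a background thread and return the server object."""
    server = socketserver.ThreadingTCPServer((host, port), TouchHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = start_honeypot("0.0.0.0", 2323)   # assumed port with no real service
    threading.Event().wait()                # run until interrupted
```

Run several of these on different hosts or ports and forward the JSON lines to one place, and you have the honeynet described above.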
Innovative security technique No. 4: Using nondefault ports
Another technique for
minimizing security risk is to install services on nondefault ports. Like renaming privileged accounts, this
security-by-obscurity tactic goes gangbusters. When zero-day, remote buffer overflow threats become weaponized by
worms, computer viruses, and so on, they always -- and only -- go for the default ports. This is the case for SQL
injection surfers, HTTP worms, SSH discoverers, and any other common remote advertising port.
Recently Symantec's pcAnywhere and Microsoft's
Remote Desktop Protocol suffered remote exploits. When these exploits became weaponized, it was a race against
the clock for defenders to apply patches or block the ports before the worms could arrive. If either service had
been running on a nondefault port, the race wouldn't even begin. That's because in the history of automated
malware, malware has only ever tried the default port.