Verizon unit aims to detour hackers

Verizon Federal Network Systems--which designs, secures, operates and maintains computer networks for both public- and private-sector organizations--has introduced Web security software designed to more effectively identify system intruders, both inside and outside the firewall.

NetFacade version 1.3 falls under a software category known as “honey pot,” because such software is designed to lure hackers away from their targets. In the case of NetFacade, the software lets network administrators create fake Web sites that closely resemble the real thing.

According to Verizon, hackers use Web sites to enter an organization’s computer network much like a burglar would use a window to enter a home or office. Once in, the hacker probes hosts within the network until he or she finds the targeted location. Then the mayhem begins.

However, when a hacker enters a Web site protected by the latest version of NetFacade, the software redirects the intruder deeper into the decoy network, said Verizon. Before the hacker realizes what has happened, the software’s logging, filtering and analysis functions create a profile of the attack, as well as a “fingerprint” of the hacker.

While the information gathered by NetFacade could be used to identify and prosecute the intruder, the real purpose of the software is to provide organizations with a report card, said Forrest Siburt, business development consultant for Verizon Federal Network Systems.

“It’s designed to alert you that you have to change your configuration and how you have implemented your firewall and intrusion-detection devices, because it’s telling you that it’s not effective,” he explained.

Siburt said NetFacade--a derivative of software originally designed for a classified government operation--is targeted specifically to organizations managing a significant amount of sensitive information, such as financial institutions, the gaming industry, and government entities such as the Internal Revenue Service and the Social Security Administration, where the threat from internal intruders is just as dangerous as threats from the outside.

“If you have people looking at sensitive data that only certain people are supposed to see, then you can go to those people and ask them, ‘Did you mistakenly wander over there?’ or ‘What were you doing?’”

Beta testing has been completed on NetFacade, and full rollout is planned for no later than the “first part of July,” said Siburt, who noted the sensitive nature of the software’s application will make selling and marketing NetFacade more challenging.

“You don’t hear a lot about white-collar embezzlement, because it’s the type of thing companies generally don’t like to talk about,” Siburt said. “They don’t even like to publicize that they’re even using this kind of stuff. So, we’re not going to get a lot of reference accounts.”