John Board: Defending the Hive
It’s midday on a Monday, and there are around 100,000 devices active on Duke’s network—laptops, phones and scientific instruments among them. They are sending emails and experimental data, retrieving pay statements and accessing documents—all the things the busy Duke community does daily, without really thinking about the security implications of that networking.
Fortunately, the Duke Office of Institutional Technology, OIT, is constantly monitoring all that traffic, searching for suspicious activity that might signal that an intruder has gained access to the information hive. Among its security measures is an innovative NSF-funded program called STINGAR, shorthand for “Shared Threat Intelligence for Network Gatekeeping and Automated Response.” To foil bad actors, the OIT team first sets an irresistible trap—a seemingly undefended trove of information, or “honeypot.” STINGAR watches the trap and IDs the attackers that show up there, then immediately locks them out to prevent them from gaining access to other Duke properties.