8.8 Honeypots

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Honeypots are designed to do what?

Divert an attacker from accessing critical systems, Collect information about the attacker's activity, Encourage the attacker to stay on the system long enough for administrators to respond

Honeypot systems are filled with what?

Fabricated information designed to appear valuable but that a legitimate user of the system would not access

High interaction honeypot advantage

A more realistic target that may occupy an attacker for an extended period

Disadvantage of placing a honeypot on The network of externally available services, such as Web and mail, often called the DMZ (demilitarized zone)

A typical DMZ is not fully accessible, and the firewall typically blocks traffic to the DMZ the attempts to access unneeded services. Thus, the firewall either has to open up the traffic beyond what is permissible, which is risky, or limit the effectiveness of the honeypot.

Low interaction honeypot advantage

Able to identify intruders using the earlier stages of the attack methodology

Low interaction honeypot

Consists of a software package that emulates particular IT services or systems well enough to provide a realistic initial interaction, but does not execute a full version of those services or systems

High interaction honeypot disadvantage

It requires significantly more resources, and if compromised could be used to initiate attacks on other systems, resulting in unwanted legal or reputational issues for the organization running it

Disadvantages of a fully internal honeypot

If the honeypot is compromised so it can attack other internal systems, the firewall must adjust its filtering to allow traffic to the honeypot, thus complicating firewall configuration and potentially compromising the internal network

High interaction honeypot

Is a real system, with a full operating system, services and applications, which are instrumented and deployed where they can be accessed by attackers

Advantages of a fully internal honeypot

It can catch internal attacks, It can detect a misconfigured firewall that forwards impermissible traffic from the Internet to the internal network

External honeypot disadvantage

It has little or no ability to trap internal attackers, especially if the external firewall filters traffic in both directions

Low interaction honeypot disadvantage

Less realistic target

A honeypot outside the external firewall does not increase what?

The risk for the internal network

honeyfiles

emulate legitimate documents with realistic, enticing names and possibly content

Honeypots

decoy systems designed to lure potential attackers away from critical systems

A honeypot outside the external firewall is useful for what?

tracking attempts to connect to unused IP addresses within the scope of the network

Voir tous les ensembles d'études

Ensembles d'études connexes

ac 201 exam 1

Blood pressure

The Brain & Cranial Nevres

Entrepreneurship and small business test 3

Frankenstein Chapters 6-10

Mitosis quiz

AP Bio Exam

Organic Chemistry

OB - Chapter 7

Chapter 4 - Sleep

Section 6 Lessons 1-4 Review

Human Development Psychology Chapter 9

AC 340 FINAL

Weather_and_Climate-Chapter_2-Heating_Earth's_Surface_and_Atmosphere_Study_Guide

Micro Study Guide 2

Tort Law 6.3

Legal Environment of Business Ch. 14 & 15

chp 6 mktg, Marketing Ch.6, Marketing Chapter 8, MKTG test 2 ch 6, MKTG ch 3, Marketing 351 Chapter 1, Marketing, MKTG Chapter 1, MKTG Chapter 5, MKT 230 - chp. 5