Deception Techniques in IT Security

Aug 5, 2024

IT Security: Deception and Disruption Techniques

Overview

  • IT security professionals aim to prevent attackers from accessing systems.
  • Use security knowledge to create deception and disruption for attackers.

Honeypots

  • Definition: Systems designed to attract attackers and keep them engaged to study their techniques.
  • Purpose: Identify types of attacks and automation used against systems.
  • Implementation: Can use commercial or open-source software to create virtual worlds.
  • Advancement: Continuous improvement to make honeypots more realistic as attackers get better at identifying them.

Honey Nets

  • Definition: Larger infrastructures combining multiple honeypots.
  • Components: Workstations, servers, routers, firewalls, etc.
  • Goal: Create a believable environment to keep attackers busy.
  • Resources: See ProjectHoney.org for more information.

Honey Files

  • Definition: Files containing fake or attractive information (e.g., password.txt).
  • Purpose: Attract attackers to waste their time and set off alerts.
  • Alert System: An alert or alarm is raised when the file is accessed by unauthorized users.

Honey Tokens

  • Definition: Traceable data added to honey nets.
  • Purpose: Track data breaches and identify sources of data leaks.
  • Examples:
    • API Credentials: Fake credentials to see if accessed and used.
    • Fake Email Addresses: Monitor appearances on the internet for tracking.
    • Other Data: Database records, browser cookies, web pixels, etc.
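
Added example (not part of the original notes): a sketch of how fake API credentials can be made traceable, so that a hit in the access logs also identifies where the leaked credential was planted. The HNY_ token layout, the placement labels, the secret and the log format are all assumptions made for this illustration.

```python
import hashlib
import hmac
import re

# Constructed demo secret; in practice keep it outside the decoy environment.
SECRET = b"constructed-demo-secret"
# Hypothetical token layout: HNY_<placement id>_<16 hex chars of HMAC tag>
TOKEN_RE = re.compile(r"HNY_([a-z0-9-]+)_([0-9a-f]{16})")


def _tag(placement: str) -> str:
    """Derive the tag that binds a token to the place it was planted."""
    return hmac.new(SECRET, placement.encode(), hashlib.sha256).hexdigest()[:16]


def make_token(placement: str) -> str:
    """Mint a fake API credential unique to one placement (file, DB row, ...)."""
    return f"HNY_{placement}_{_tag(placement)}"


def find_token_use(log_lines):
    """Return (line number, placement) for each log line using a valid token."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        for placement, tag in TOKEN_RE.findall(line):
            # Verify the tag so look-alike strings do not raise false alerts.
            if hmac.compare_digest(tag, _tag(placement)):
                hits.append((lineno, placement))
    return hits


# Constructed sample log lines (not from any real system).
SAMPLE_LOG = [
    "2024-08-05T10:01:02Z GET /v1/orders key=prod_live_81c2 src=10.0.0.7 200",
    f"2024-08-05T10:04:40Z GET /v1/orders key={make_token('fileshare-password-txt')} src=203.0.113.9 401",
    "2024-08-05T10:05:11Z GET /v1/users key=HNY_ci-config_0000000000000000 src=203.0.113.9 401",
    f"2024-08-05T10:09:53Z POST /v1/export key={make_token('crm-db-row-17')} src=198.51.100.4 401",
]

if __name__ == "__main__":
    for lineno, placement in find_token_use(SAMPLE_LOG):
        print(f"ALERT line {lineno}: honey token planted in '{placement}' was used")
```

Because each token is derived from its placement label, no list of issued tokens has to be stored: any valid hit names the decoy file or record the credential was taken from.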