WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Like what you see? Get it in one document for easy printing!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Test yourself better with 300 extra Security+ questions!
Get It Here!

Custom Search






Table Of Contents  CertiGuide to Security+
 9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)
      9  3.4  Intrusion Detection

Previous Topic/Section
3.4.2.2  Passive Detection
Previous Page
Pages in Current Topic/Section
1
2
Next Page
 3.4.4  Incident Response
Next Topic/Section

3.4.3  Honey Pots
(Page 1 of 2)

“Mmmmmm, honey pot”…. The name is supposed to sound tempting… to potential attackers, that is. Honey pots are decoy systems or networks set up to look like interesting targets to attackers. The idea is that attackers will spend their time and resources on this (to you non-business-critical) system rather than interfering with the operation of more important systems on your network. Alternately, the honey pot can be purely a research tool, to lure the 3133t (that’s “elite” in script kiddie speak) into attacking, so that those observing the honey pot can learn about their techniques.

Honey pots typically mimic a real system or network (ideally one particularly attractive to hackers, such as one that purports to contain interesting data or runs a service that is a known “easy target” like (sorry Microsoft!) IIS. Each system can be set up to run one or more services that any other server on your network would run. The difference is that a honey pot is not normally in use (at least, not in use doing anything other than pretending to be a great target). It is merely a target lying in wait, and any amount of interaction with it can be interpreted as an attempt at intrusion, reconnaissance, or other type of abuse. Honey pots are normally well-isolated from the rest of the network (due to obvious concerns about traffic sniffing), and feature good logging, often sending their log results across the network to a different machine so that compromise of the honey pot doesn’t allow the attacker to “cover his tracks” by tampering with the logs.

Honey Pots

Honey pots are decoy systems or networks set up to look like interesting targets to attackers.

They typically mimic a real system or network that is attractive to hackers, such as one containing interesting data or running known-vulnerable software.

They may be used purely as a research tool or as an active defense used to deflect intrusions, by giving crackers an attractive but non-business-critical target in an organization’s network.



Previous Topic/Section
3.4.2.2  Passive Detection
Previous Page
Pages in Current Topic/Section
1
2
Next Page
 3.4.4  Incident Response
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.