The use of deceit; 2. The fact or
state of being deceived; 3. A ruse; a trick.??? A honeypot can be used to deceive attackers
and trick them into missing the ???crown jewels??? and setting off an alarm. The idea here is
to have your honeypot positioned near a main avenue of approach to your crown jewels.
Intelligence as a Motive
Intelligence has two meanings with regard to honeypots: (1) indications and warnings
and (2) research.
Indications and Warnings If properly set up, the honeypot can yield valuable
information in the form of indications and warnings of an attack. The honeypot by definition
does not have a legitimate purpose, so any traffic destined for or coming from the
honeypot can immediately be assumed to be malicious. This is a key point that provides
yet another layer of defense in depth. If there is no known signature of the attack for the
signature-based IDS to detect, and there is no anomaly-based IDS watching that segment
of the network, a honeypot may be the only way to detect malicious activity in the
enterprise. In that context, the honeypot can be thought of as the last safety net in the
network and as a supplement to the existing IDS.
Research Another equally important use of honeypots is for research.
Pages:
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877