Deception and Disruption - 1.2

Summary

Deception and disruption techniques, such as honeypots, honeynets, honeyfiles, and honeytokens, are used by organizations to attract attackers, study their behaviors, and enhance security by creating traps that provide valuable insights into attack methods.


Notes:

  • Honeypot: A decoy system or server specifically configured to attract attackers. It simulates a legitimate target to gather information about attack methods, allowing the organization to monitor attacker behavior and collect data on attempted exploits for research and response planning.
  • Honeynet: A network made up of multiple honeypots that emulate a real network environment. This setup presents a more complex and enticing target for attackers, enabling organizations to gather more comprehensive and detailed insights into attacker strategies and techniques.
  • Honeyfile: A bait file that appears to contain sensitive or high-value data but is used to detect unauthorized access. Honeyfiles are monitored so that any access or modification attempt triggers an alert, indicating a potential breach and helping to identify malicious actors within the system.
  • Honeytoken: A false piece of information, such as a fake username, password, or document, planted within a system to serve as a monitoring tool. If this data is accessed or used, it indicates a security breach, providing early detection of malicious activity and helping to track the source of the leak.
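
The honeytoken idea above, as an added example that is not part of the original notes: each fake username is planted in exactly one place, so any login attempt that uses it both raises an alert and identifies where the data leaked from. The usernames, planting locations, and log lines are constructed for illustration, and the log format is assumed to be sshd-style.

```python
import re

# Constructed registry: each planted honeytoken username is unique to the
# place it was planted, so a hit identifies where the data leaked from.
HONEYTOKENS = {
    "svc_backup_7f3a": "fileshare:/finance/passwords.xlsx (honeyfile)",
    "adm_jlee_c91d": "wiki page 'VPN onboarding'",
    "db_report_e02b": "config repo: legacy/app.properties",
}

# Matches sshd-style authentication lines (assumed, constructed sample format).
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def find_honeytoken_use(lines):
    """Return one alert per log line where a planted username was tried."""
    alerts = []
    for line in lines:
        m = AUTH_RE.match(line)
        if not m:
            continue  # not an authentication line; ignore it
        user = m.group("user")
        if user in HONEYTOKENS:
            # Any use is suspicious: no legitimate user knows this account.
            alerts.append({
                "time": m.group("ts"),
                "source_ip": m.group("src"),
                "token": user,
                "planted_in": HONEYTOKENS[user],
                "login_succeeded": m.group("result") == "Accepted",
            })
    return alerts

# Constructed sample log lines (addresses are from documentation ranges).
SAMPLE_LOG = [
    "2024-05-01T09:12:03Z gw1 sshd[811]: Accepted password for alice from 198.51.100.7 port 50122 ssh2",
    "2024-05-01T09:14:40Z gw1 sshd[822]: Failed password for invalid user adm_jlee_c91d from 203.0.113.45 port 41888 ssh2",
    "2024-05-01T09:15:02Z gw1 sshd[830]: Failed password for bob from 198.51.100.9 port 50200 ssh2",
    "2024-05-01T09:20:11Z gw1 sshd[845]: Failed password for invalid user svc_backup_7f3a from 203.0.113.45 port 41910 ssh2",
]

if __name__ == "__main__":
    for a in find_honeytoken_use(SAMPLE_LOG):
        print(f"ALERT {a['time']} {a['token']} used from {a['source_ip']}; "
              f"leak source: {a['planted_in']}")
```

Ordinary failed logins (such as the one for bob) produce no alert; only the planted usernames do, which keeps the false-positive rate of this kind of detection low.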