Chapter 12. Traps and Deceptive Measures

For years , information security professionals and others have been attempting to fight computer crime and misuse. Few would disagree that despite the emergence of new standards and technology (including better intrusion detection technology, sophisticated third-party authentication methods , advanced encryption algorithms, improved procedures, more types of professional certification, and other new approaches and developments), computer crime and misuse are actually becoming worse .Why?

Many potential explanations exist; one particularly plausible one is that security professionals' approaches almost invariably lag behind the approaches used by those who attack systems and networks. Attackers constantly develop new methods and tools. Security professionals keep using what they consider to be "tried and true" countermeasures ‚ countermeasures that might or might not counter the most recent types of threats. Worse yet, security professionals often do not understand who is attacking them as well as how and why. Fortunately, methods designed to identify attackers and how they do what they do are available. Among the most interesting and potentially useful of these methods are traps and deception. In this chapter, we'll look into types of deceptive measures and traps that can be used, consider the advantages and disadvantages of using deceptive measures and traps, delve into a few specific types, and finally explore how each can be used during the process of responding to incidents. First, let's consider some basic definitions.