Misinformation

I l @ ve RuBoard

Misinformation can be used to make the attacker waste time attempting attacks that will not work, since the type of systems and the version of the software reported are not an accurate representation of the actual system. Misinformation is often used as bait for intrusion detection systems. It is often easier to distinguish hacking activities from actual users when the former are attempting methods which are not appropriate for the type of system, than when the attackers are using appropriate services. Misinformation can also be used to draw attackers away from sensitive systems by making other systems more attractive. In any case, you should consult with your legal department before utilizing misinformation.

False Services

Services which can be configured to change the disclosed information can be configured to disclose false information. False services can be used to misrepresent the type of system or the software which it is running. They are also used to collect data on an attack by recording the attacker's activities against a service which is not being used by actual users.

Honey Pot

A honey pot is a system that has no valuable information, utilizes extensive logging, and is configured so that it is reasonably easy to compromise so that an attacker will be enticed to access this system which will notify the security administrator and track the attacker activities.

They are able to provide a great amount of detail about the attacks against the system. This can reveal insight into the tools and techniques used by hackers and can highlight when services start receiving new attacks.

Even though honey pots are very popular with the media, they are less popular with businesses. Honey pots require a significant investment in administration and monitoring. They provide information for intrusion detection, for which there are numerous other solutions, and evidence collection, which is a duty for law enforcement. System administrators are usually too busy to devote too much time to hacker research.

While tracking hackers back to their bedrooms has largely been removed from the job description of security staff and cybernarks, there is at least one technique that aims to follow the movements of unwelcome visitors .

A honey-pot is a server, or system designed to bait unweary hackers into what appears to be an "easy target". As the system is designed simply to attract would be hackers, any connection to the server triggers an alarm, and allows security experts to follow the intruder's movement through the site ” looking for idiosyncrasies. On the one hand the intruder wastes valuable time breaking into what is essentially an empty safe, and on the other it allows security staff are able to use the information they gather to shore up their other charges.

The honey-pot server approach forms part of a wider movement in cybercrime prevention by the name of Honeynet. ^[46]

^[46] Douglas, Jeanne-Vida, "Barbed Wire vs the Honey-pot: Methods of Tracing and Deterring Hackers," ZDNet Australia (www.zdnet.com.au), 26 October 2001.

I l @ ve RuBoard