2.5 Deception and Disruption Flashcards
(8 cards)
What are honeytraps?
These are deception techniques that allow security defenders to understand attacker behaviour patterns. They are all intended to look legitimate in order to attract attackers.
What are the different types of honeytraps?
Honeypots, honey nets, honey files, honey tokens
What is a honeypot?
A decoy system, e.g. a web server
High-interaction - Is running the application or providing services
Low-interaction - Not running the application or providing services
What is a honeynet?
Multiple linked honeypots that simulate a network environment
What is a honeyfile?
A decoy file located on a network. It is designed to detect access and exfiltration attempts
What is a honey token?
A beacon embedded into documents, databases, images, directories and folders
It is used to identify the attacker -> it can track malicious actors and reveal information about their identity and the methods they used to exploit a system
What are spam traps?
A fake email address used to identify and block spammers. Real mail is unlikely to be sent to a fake address, so when an email is received it is most likely spam
What is a DNS sinkhole?
A DNS server that responds with false results. It is used to redirect malicious internet traffic so that it can be captured and analysed by security analysts
Sinkholes are used to seize control of botnets by interrupting the botnet's DNS names that are used by the malware