(1)Defense Through Deception Flashcards
What are honeypots?
Honeypots are computers that are supposed to look really attractive to threat actors by containing vulnerabilities or services that typically are used by systems that have sensitive data on them, so like a fishing lure, they are made to entice attackers to go after them.
The thing is though, they aren’t legit systems and instead have fake data on them or aren’t actually used in the corporate network to conduct real business.
What are honeypots used for?
Honeypots are used to help analysts conduct research on an attackers methods and to see what type of data or systems the attacker is trying to get hold of.
What are DNS sinkholes?
DNS sinkholes provide fake info to the bad software that that is working through an org’s network.
What do DNS sinkholes do specifically?
Specifically, DNS sinkholes detect suspicious activity and instead of providing the information that it is asking for (such as information about a Command and Control (C&C) server, it provides the IP address of a sinkhole that is designed to stop botnet infected systems.
