Deception And Disruption Flashcards
Honeynet
Multiple linked honeypots that simulate a network environment.
DNS sinkhole
A sinkhole is a DNS server that responds with false results. DNS sinkholes can be captured and analysed. Sinkholes are most often used to seize control of botnets by interrupting the DNS names used by the malware's bots.
SPAM trap
Spam traps (fake email addresses) are used to identify and block spammers. Legitimate email is unlikely to be sent to a fake address, so when an email is received it is most likely spam.
Honey Token
A beacon embedded into documents, databases, images, directories and folders. Honey tokens are used to identify the attacker: they track malicious actors and collect critical information about their identity and the methods used to exploit the system. They put traceable data into the honeynet.
Honey traps
A deception technique that allows security defenders to understand attacker behaviors and patterns. Based on their design and deployment models, they are intended to look legitimate to attackers.
Honey traps:
Honeypot
Honey files
Honeynet
Honey tokens
Honeypot
This is a decoy system (a self-defense system that gives a false impression), e.g. a web server.
Honeypots can be divided into:
High interaction
Low interaction
Deception and disruption
Techniques and practices used to deceive potential attackers, with the goal of threat intelligence collection and early breach detection.
Honey file
A decoy file located in a network files folder. It is designed to detect access and exploration attempts.