General Security Concepts: Examining deception and disruption technology Flashcards
What are deception and disruption technology?
Deception and disruption technologies are the tools and techniques you can use to recognize and then divert an attacker within your network. Deceptions technologies enable defenders to identify a wide variety of attack methods without relying on known signatures or pattern matching.
What is a honeypot?
Honeypots: A deceptive system or network designed to attract and trap potential attackers. Honeypots enable you to monitor the activities of bad actors or threat actors, and you then can study this information to identify techniques and potential intentions without risking actual network assets.
What is honeynet?
Honeynets: A network of honeypots designed to simulate a larger, more enticing target that enables you to lure and study attackers. Honeynets allow you to monitor and study the activities of bad actors and threat actors without risking actual network assets.
What is a honeyfile?
Honeyfiles: A file or document placed on a network as bait to attract attackers. Honeyfiles enable you to attract and detect unauthorized access or exfiltration attempts. You then can study this information to identify the techniques and potential intentions of bad actors without risking actual resources.
What is a honeytoken?
Honeytokens: A piece of fake or deliberately weak data placed within a system or network to act as a decoy. Honeytokens enable you to spot potential unauthorized activity or security breaches. You then can study this information to identify techniques and potential intentions without risking actual network assets.