Hi, and welcome to lesson 2.4. In this lesson we're gonna talk about honeypots. It's gonna be a very quick lesson, just a quick overview of what a honeypot is and how we can use them.
So, a honeypot is a system that we intentionally leave a little bit vulnerable. Maybe we don't patch it with all of the latest patches. We don't want it to look like a 20-year-old system, but we maybe just leave a few vulnerabilities in there and we don't patch it completely. Or we configure it with a few mistakes intentionally.
And we do this so that we can monitor it with our security tools and we can turn anything we learn during that monitoring into intelligence that we can feed into the rest of our systems. The idea is, we want to almost entice the bad guys to attack this system, especially ones that haven't attacked our environment before and that we may not know anything about, so that we can gather intelligence and understand their tactics and techniques, much like that MITRE framework we talked about earlier.
And we can take that data and we can put it into our other tools. So if we see that same type of attack against a legitimate system later, we already know about it and we can deter that attack.
The way it works typically is you're gonna set a honeypot up in a DMZ environment. So in this particular case, this would be a setup that we talked about earlier in the DMZ chapter, where we've got some application servers out in a DMZ that access a database, maybe behind the firewall on our internal network, because we don't want to give Internet access directly to our database. So we have that tiered approach.
But what if we took our application server farm, you know, several application servers, and we made one of them a honeypot?
So that application server is running the same application as the other two servers. It looks basically the same, except it has a couple of misconfigurations or a couple of vulnerabilities on it.
Now, as an attacker is doing their reconnaissance and they're scanning the environment, that system is gonna look a lot more enticing to attack than the other systems, because the other ones are fully hardened and this one has a vulnerability. And that's what attackers do. Essentially, they'll scan an environment, look for vulnerabilities and then try to attack that particular vulnerability.
But this time, when they attack that vulnerability, we've got all of our tools in the background pointing to that honeypot, monitoring it.
And you know, maybe that particular system doesn't even point to a real database on the back end. Maybe it points to a fake database with some fake data, so we can make attackers think they're actually getting real data when they're pulling things out. But they're not, right? The whole time we're sitting back, we're monitoring it.
We're looking at the methods that they use and we turn that into threat intelligence for other systems.
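As an added example (not from the lesson), here is what the monitoring side can look like in Python: one pass over constructed web-server log lines where app3 is the assumed honeypot in the DMZ farm, any client that touches it becomes intelligence, and its later requests to the real servers app1 and app2 raise an alert.

```python
import re
from collections import defaultdict

# Assumption: the decoy in the DMZ farm is "app3"; app1 and app2 are the real servers.
HONEYPOT_HOSTS = {"app3"}

# Simplified web-server access-log line: host source-ip [timestamp] "request" status
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<src>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})$'
)

# Constructed sample traffic, in time order. 203.0.113.7 is a normal user;
# 198.51.100.9 probes the honeypot and then tries the same path on a real server.
SAMPLE_LOGS = """\
app1 203.0.113.7 [10/Mar/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200
app3 198.51.100.9 [10/Mar/2024:10:00:05 +0000] "GET /admin/config.php HTTP/1.1" 200
app3 198.51.100.9 [10/Mar/2024:10:00:06 +0000] "GET /customers/export HTTP/1.1" 200
app2 203.0.113.7 [10/Mar/2024:10:01:00 +0000] "POST /orders HTTP/1.1" 201
app1 198.51.100.9 [10/Mar/2024:10:02:10 +0000] "GET /admin/config.php HTTP/1.1" 404
""".splitlines()

def parse(line):
    """Return the fields of one log line, or None for a line we cannot read."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def process(lines):
    """Single pass over the logs, oldest first. Returns (intel, alerts): intel maps
    each honeypot visitor to what it requested there; alerts lists (host, src, req)
    for every later request such a visitor made to a real server."""
    intel = defaultdict(set)
    alerts = []
    for rec in filter(None, map(parse, lines)):
        if rec["host"] in HONEYPOT_HOSTS:
            # No legitimate user has a reason to talk to the decoy, so any
            # visitor is worth recording, together with what they asked for.
            intel[rec["src"]].add(rec["req"])
        elif rec["src"] in intel:
            # The same source now hits production: we already know about it.
            alerts.append((rec["host"], rec["src"], rec["req"]))
    return dict(intel), alerts

if __name__ == "__main__":
    intel, alerts = process(SAMPLE_LOGS)
    for host, src, req in alerts:
        print(f"ALERT {src} (seen on honeypot) -> {host}: {req}")
```

In a real deployment the intel dictionary would be pushed to the firewall, IDS or SIEM that watches the production servers, which is the "feed it into the rest of our systems" step from the lesson.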
And that's actually it on honeypots. As I said, this was gonna be a really quick lesson. Next up we're gonna talk about the last lesson in our perimeter section, and that's gonna be lesson 2.5, where we're gonna talk about remote access.