Other Detective Tools

Time: 15 hours 43 minutes
Difficulty: Advanced
CEU/CPE: 16
Video Transcription
>> Now, in addition to intrusion detection and prevention systems, certainly we have other tools on our network to monitor and to help us detect attacks and to learn more about them. In this section we'll talk about honeypots, honeynets, and tarpits. Then we'll also talk about this idea of padded cells. That will wrap up our domain 6, so we'll review the security assessment objectives also.

Honeypots. Honeypots are decoys that are designed to look like systems with flaws. They're designed to be desirable to a hacker. When an attacker is in the DMZ, for instance, they're looking around to figure out which systems are most likely to be ones they can penetrate, and which systems are most likely to have desired resources. With a honeypot, we set up a system, we install the honeypot software so that when an attacker is looking for a vulnerable system, they'll come across this honeypot and it'll be very desirable. These honeypots have what we call pseudo flaws, meaning they look like vulnerabilities but they really aren't. The idea there being that we can keep the attacker busy with the honeypot, keeping them away from our legitimate resources, but then also the honeypot is a detective system that can be used to collect information about the attacker, the tools he used, what resources he was attempting to access.

A concern with honeypots: enticement versus entrapment. We want to be very careful there. I don't want to configure a honeypot that looks like a website that says, "click here to download free music," and then try to prosecute somebody for clicking there. We're not trying to trick someone into committing a crime or attempting a breach. What we are wanting to do is, if that attacker is looking to commit a crime or to cause a compromise, we're going to give them the sacrificial system so that they have somewhere to target.

Now it's interesting: the origin of this term honeypot goes back to the days of the Romans, and there was a specific pathway, a very long pathway, to a particular battlefield that the Romans traversed. Because it was so lengthy, the soldiers would get very hungry, they'd get exhausted throughout the trip, so their enemies put honeypots, literal pots of honey, along the pathway and trail, and the Roman soldiers would see these, and they would eat the honey looking to be re-energized. But of course, the enemies had poisoned those honeypots, so it looked very desirable, but instead, they were poison. That's the idea behind why we call these honeypots. I'll also mention that a collection of honeypots is called a honeynet.

Now, we also have systems that have what we refer to as padded cells, and padded cells give us a separated or isolated environment. For instance, if you think about Java applets, these little Java applications, they run within our web browser in most environments, and that web browser acts as a sandbox; that's what a lot of times it's called, sandboxing. That padded cell is the browser itself that provides isolation to these Java applets, so that those applets are not able to interfere with the rest of the system. Or if you've run anti-malware software and a specific file was not able to be deleted, so it was quarantined, that's a padded cell also.

I'll also mention tarpits here. Tarpits are often associated with honeypots, and what they do is, while an attacker's looking around, if they click on a particular link, they might be transferred to a network with very slow connectivity, so that they make a click, it takes forever for a response, and the idea again is just to tie the attacker up so that they can't do any real harm. Then there's a self-mutating honeypot that modifies itself based on the tools that the attackers use.

We have lots of tools that we can use to help us assess our network. We can conduct auditing, vulnerability assessments and pen tests; we have to make sure we conduct log reviews so that we can hopefully be proactive when it comes to attacks on our network; and we looked at intrusion detection and prevention systems, whether they're host or network based, and we looked at their analysis engines, and then also looked at a few other tools of the trade as well.
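The honeypot and tarpit ideas in the lecture above, as an added example that is not part of the course material or of any honeypot product: a minimal low-interaction decoy service that advertises a fake FTP banner (the "pseudo flaw"), records every connection and command as a structured event for the log reviewer (the detective role), and stalls each reply longer than the last so the client is tied up (the tarpit role). The names HoneypotEvent, tarpit_delay, classify_command, make_listener, serve_once and run_demo, the decoy banner and the scripted client session are all this example's own assumptions.

```python
"""Added example: a tiny low-interaction honeypot with tarpit throttling.
Not from the course; all names and sample traffic are constructed here."""
import json
import socket
import threading
import time
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

# Constructed decoy banner. Nothing real sits behind it; it only has to look
# desirable enough to be probed. Replies never grant access or return a file.
FAKE_BANNER = b"220 ftp-decoy.example.internal FTP server ready\r\n"
FAKE_REPLY = b"530 Login incorrect.\r\n"


@dataclass
class HoneypotEvent:
    """One recorded interaction: who, when, what was sent, how we labelled it."""
    timestamp: str
    peer: str
    attempt: int
    payload: str
    category: str
    stalled_for: float

    def to_json(self) -> str:
        return json.dumps(asdict(self))


def tarpit_delay(attempt: int, base: float = 0.5, cap: float = 8.0) -> float:
    """Seconds to stall before answering the n-th command of a session.
    Doubles each time (0.5, 1, 2, 4 ...) and caps so a handler thread is bounded."""
    return min(cap, base * (2 ** attempt))


def classify_command(payload: bytes) -> str:
    """Coarse label so a log reviewer sees at a glance what was attempted."""
    text = payload.decode("ascii", errors="replace").strip().upper()
    if not text:
        return "probe"                # connected, sent nothing (banner grab)
    if text.startswith(("USER ", "PASS ")):
        return "credential-guess"
    if text.startswith(("LIST", "RETR ", "CWD ")):
        return "resource-access"      # which resources they were after
    return "unknown-command"


def make_listener(port: int = 0) -> socket.socket:
    """Bind the decoy on loopback; port 0 lets the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    srv.settimeout(5)
    return srv


def serve_once(listener: socket.socket, sink: list,
               base_delay: float = 0.5, max_commands: int = 5) -> None:
    """Accept one client, play the decoy, append HoneypotEvents to sink."""
    with listener:
        conn, addr = listener.accept()
        with conn:
            conn.settimeout(5)
            conn.sendall(FAKE_BANNER)
            for attempt in range(max_commands):
                try:
                    data = conn.recv(1024)
                except socket.timeout:
                    data = b""
                if not data and attempt > 0:
                    break             # client left after talking; already logged
                delay = tarpit_delay(attempt, base=base_delay)
                sink.append(HoneypotEvent(
                    timestamp=datetime.now(timezone.utc).isoformat(),
                    peer=f"{addr[0]}:{addr[1]}",
                    attempt=attempt,
                    payload=data.decode("ascii", errors="replace").strip(),
                    category=classify_command(data),
                    stalled_for=delay,
                ))
                if not data:
                    break             # banner grab only: logged, nothing to answer
                time.sleep(delay)     # the tarpit: every reply slower than the last
                conn.sendall(FAKE_REPLY)


def run_demo(base_delay: float = 0.01) -> list:
    """Constructed end-to-end run: decoy on one thread, a scripted client on
    another sending the kind of credential guesses a scanner would."""
    sink: list = []
    listener = make_listener()
    port = listener.getsockname()[1]
    worker = threading.Thread(target=serve_once, args=(listener, sink, base_delay))
    worker.start()
    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
        client.recv(1024)             # banner
        for line in (b"USER admin\r\n", b"PASS admin123\r\n", b"RETR passwd\r\n"):
            client.sendall(line)
            client.recv(1024)         # the stalled "530" reply
    worker.join(timeout=10)
    return sink


if __name__ == "__main__":
    for event in run_demo():
        print(event.to_json())        # one JSON line per interaction, ready for review
```

Running the module prints three JSON events from the scripted session, each showing the peer, the command, its label and how long the decoy stalled before answering; in a real deployment the sink would be a log file or a SIEM forwarder rather than a list, and the delays would start in seconds rather than hundredths of a second.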