Reverse Deception: Organized Cyber Threat Counter-Exploitation (79 page)

Read Reverse Deception: Organized Cyber Threat Counter-Exploitation Online

Authors: Sean Bodmer

Tags: #General, #security, #Computers

BOOK: Reverse Deception: Organized Cyber Threat Counter-Exploitation
6.89Mb size Format: txt, pdf, ePub
Reduction of false positives
Ability to identify and learn new attacker tools and techniques
Ability to attribute new attacker activity to particular broader problem sets

 

The following sections briefly discuss the primary two types of honeynets and their advantages and disadvantages.

Research-Based Honeynets

Research-based honeynets are typically found in research institutes of academia or as nonrequirement-driven research projects for personnel within organizations as an educational tool. This type of honeynet is typically not managed regularly or held to any specific overall set of defined standards or reporting requirements. Due to the nature of research-driven honeynets, their goals are generally project or interest based. Research honeynets will generally not be used as an operational test bed unless you have finished reading this book and are planning on researching our recommended best practices, tools, and tactics we have passed onto you through this book.

Research-based honeypots are primarily used for the following purposes:

Learn what the bad guys are doing
Study their methods
Capture their keystrokes
Capture their tools
Monitor their conversations

 

Maintaining individual research-based systems requires a lot of work.

Generation II honeynets were originally designed to suit research-based honeynet deployments. This was the second generation of honeynet technologies developed through the Honeynet Project. More important to note is that most of the organizations that donated resources to development of the GenII were computer science and security research groups within organizations or universities.

Production-Based Honeynets

Production-based honeynets are typically found in larger organizations or government entities that have definitive requirements for network defense, intelligence, or counterintelligence requirements. This type of honeynet is generally developed with a full development plan and reporting requirements. It is based on a strict configuration management plan in order to get the most out of the operational investment.

Production-based honeynets increase the capability of monitoring and analysis for a large enterprise or production network. The following are some of the primary goals of a production honeynet:

Organization protection
        
Prevent attacks
        
Detect attacks
        
Gather intelligence

Other books

Outpost by Adam Baker
Battle Scars by Sheryl Nantus
Wild Inferno by Sandi Ault
Deadly Spurs by Jana Leigh
Aftermath by Ann Aguirre
Gryphon in Glory by Andre Norton