Reverse Deception: Organized Cyber Threat Counter-Exploitation (82 page)

Temporary folders

Internet cache

Organizational documents

User personal files and folders, including personal information, personal education information, and industry information

Numerous types of files should be on any given system within user folders:

Professional

Personal

Education

Network or Organizational

The following are network or organizational considerations:

How do you ensure your honeypot looks like the production asset one IP address over?

How do you introduce bait systems on a network to entice an attacker into that area?

The following are of more concern when addressing government networks:

They do not change often.

All systems typically have a long paper trail.

Regular maintenance is required on every system.

Realism

The following are important to make your honeypot look real:

Ensure IP addressing matches participant/customer IP schema.

Ensure the honeypot computer names match the host system schema.