Page 482 - StudyBook.pdf

466    Chapter 7 • Topologies and IDS


noted that entrapment only applies to the actions of law enforcement or government personnel. A civilian cannot entrap, regardless of how much pressure is exerted on the target to commit the crime. (However, a civilian could be subject to other charges, such as criminal solicitation or criminal conspiracy, for causing someone else to commit a crime.)

The following characteristics are typical of honeypots or honeynets:

■ Systems or devices used as lures are set up with only “out of the box” default installations, so that they are deliberately made subject to all known vulnerabilities, exploits, and attacks.
■ The systems or devices used as lures do not include sensitive information (e.g., passwords, data, applications, or services an organization depends on or must absolutely protect), so these lures can be compromised, or even destroyed, without causing damage, loss, or harm to the organization that presents them to be attacked.
■ Systems or devices used as lures often also contain deliberately tantalizing objects or resources, such as files named password.db, folders named Top Secret, and so forth—often consisting only of encrypted garbage data or log files of no real significance or value—to attract and hold an attacker’s interest long enough to give a backtrace a chance of identifying the attack’s point of origin.
■ Systems or devices used as lures also include or are monitored by passive applications that can detect and report on attacks or intrusions as soon as they start, so the process of backtracing and identification can begin as soon as possible.
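
An added example (not from the book) of the passive monitoring described in the list above: it scans file-access records for any touch on a decoy object and reports each source's first contact, so backtracing can begin at once. The log format, paths, and addresses are constructed assumptions; only the decoy names password.db and Top Secret come from the text.

```python
import re
from datetime import datetime

# Decoy names come from the page; everything else here is an assumption.
DECOY_NAMES = ("password.db", "top secret")

# Constructed sample log: timestamp, source address, operation, path.
SAMPLE_LOG = """\
2024-05-01T10:00:03Z 198.51.100.7 LIST /srv/share/
2024-05-01T10:00:09Z 198.51.100.7 OPEN /srv/share/Top Secret/plan.txt
2024-05-01T10:00:15Z 203.0.113.20 OPEN /srv/share/readme.txt
2024-05-01T10:01:40Z 198.51.100.7 READ /srv/share/password.db
2024-05-01T10:02:02Z 203.0.113.20 READ /srv/share/backup/password.db
not a log line
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(.+)$")

def touches_decoy(path):
    """True if any path component equals a decoy name, ignoring case."""
    parts = [p.lower() for p in path.split("/") if p]
    return any(p in DECOY_NAMES for p in parts)

def scan(log_text):
    """Return {source: {"first_seen": datetime, "hits": [(ts, op, path)]}}."""
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort monitoring
        ts_raw, src, op, path = m.groups()
        try:
            ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue  # unparseable timestamp: ignore the record
        if not touches_decoy(path):
            continue
        # Nothing legitimate lives in a decoy, so every touch is an alert.
        entry = alerts.setdefault(src, {"first_seen": ts, "hits": []})
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["hits"].append((ts, op, path))
    return alerts

if __name__ == "__main__":
    for src, info in sorted(scan(SAMPLE_LOG).items()):
        print(f"ALERT {src}: first decoy access {info['first_seen']}, "
              f"{len(info['hits'])} hit(s)")
```
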
Although this technique can help identify the unwary or unsophisticated attacker, it also runs the risk of attracting additional attention from savvier attackers. Honeypots or honeynets, once identified, are often publicized on hacker message boards or mailing lists and thus become more subject to attacks and hacker activity than they otherwise might be. Likewise, if the organization that sets up a honeypot or honeynet is itself identified, its production systems and networks may also be subjected to more attacks than might otherwise occur.










          www.syngress.com