After reading chapter 2, evaluate the advantages and disadvantages of a honey pot. Your response should be at least 200 words, and contain at least one external citation and reference in APA format.

Cyber Attacks: Protecting National Infrastructure, 1st ed. – Chapter 2: Deception
Copyright © 2012, Elsevier Inc. All rights reserved.

Introduction
• Deception is deliberately misleading an adversary by creating a system component that looks real but is in reality a trap
 – Sometimes called a honey pot
• Deception helps accomplish the following security objectives
 – Attention
 – Energy
 – Uncertainty
 – Analysis
• If adversaries are aware that perceived vulnerabilities may, in fact, be a trap, deception may defuse actual vulnerabilities that security managers know nothing about.
Fig. 2.1 – Use of deception in computing
• Four distinct attack stages:
 – Scanning
 – Discovery
 – Exploitation
 – Exposing
Fig. 2.2 – Stages of deception for national infrastructure protection

Scanning Stage
• Adversary is scanning for exploitation points
 – May include both online and offline scanning
• Deceptive design goal: design an interface with the following components
 – Authorized services
 – Real vulnerabilities
 – Bogus vulnerabilities
• Data can be collected in real-time when the adversary attacks the honey pot
Fig. 2.3 – National asset service interface with deception

Deliberately Open Ports
• Deliberately inserting an open service port on an Internet-facing server is the most straightforward deceptive computing practice
• Adversaries face three views
 – Valid open ports
 – Inadvertently open ports
 – Deliberately open ports connected to honey pots
• Must take care that real assets aren't put at risk by bogus ports
Fig. 2.4 – Use of deceptive bogus ports to bogus assets
Fig. 2.5 – Embedding a honey pot server into a normal server complex

Discovery Stage
• The discovery stage is when an adversary finds and accepts security bait embedded in the trap
• Make the adversary believe real assets are bogus
 – Sponsored research
 – Published case studies
 – Open solicitations
• Make the adversary believe bogus assets are real
 – The technique of duplication is often used for honey pot design
Fig. 2.6 – Duplication in honey pot design

Deceptive Documents
• Creation and special placement of deceptive documents can be used to trick an adversary (especially useful for detecting a malicious insider)
 – Only works when content is convincing and
 – Protections appear real
Fig. 2.7 – Planting a bogus document in protected enclaves

Exploitation Stage
• This stage is when an adversary exploits a discovered vulnerability
 – Early activity is called low radar actions
 – Once detected, it is called indications and warnings
• Key requirement: any exploitation of a bogus asset must not cause disclosure, integrity, theft, or availability problems with any real asset
Fig. 2.8 – Pre- and post-attack stages at the exploitation stage
• Related issue: intrusion detection and incident response teams might be fooled into believing trap functionality is real. False alarms can be avoided by
 – Process coordination
 – Trap isolation
 – Back-end insiders
 – Process allowance

Procurement Tricks
• Understand adversary behavior by comparing it in different environments.
• The procurement lifecycle is one of the most underestimated components in national infrastructure protection (from an attack perspective)
Fig. 2.9 – Using deception against malicious suppliers

Exposing Stage
• The deception lifecycle ends with the adversary exposing behavior to the deception operator
• Therefore, deception must allow a window for observing that behavior
 – Sufficient detail
 – Hidden probes
 – Real-time observation
Fig. 2.10 – Adversary exposing stage during deception

Interfaces Between Humans and Computers
• Gathering of forensic evidence relies on understanding how systems, protocols, and services interact
 – Human-to-human
 – Human-to-computer
 – Computer-to-human
 – Computer-to-computer
• Real-time forensic analysis is not possible for every scenario
Fig. 2.11 – Deceptively exploiting the human-to-human interface

National Deception Program
• Programs for national deception would be better designed based on the following assumptions:
 – Selective infrastructure use
 – Sharing of results and insights
 – Reuse of tools and methods
• An objection to deception that remains is that it is not effective against botnet attacks
 – Though a tarpit might degrade the effectiveness of a botnet
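The slides on deliberately open ports, the exploitation-stage requirement that a bogus asset never endanger a real one, and the exposing-stage need for real-time observation can be made concrete with a small low-interaction honeypot. The listener below is an added example written for this outline; it is not code from the textbook or its publisher. It binds a bogus service port, answers with a fixed banner, records what each peer sends (truncated), never forwards anything to a real service (trap isolation), and tags every record as a deception asset so that detection and incident-response staff can tell trap traffic from a real compromise (process coordination). The banner, the loopback address and the probe payload are constructed values; nothing here imitates a real product.

```python
"""Minimal low-interaction honeypot listener (added example, not textbook code).

Design points drawn from the chapter outline:
  * the bogus port is isolated: it never proxies to a real service, so
    exploiting it cannot affect a real asset;
  * each interaction is recorded in real time for the exposing stage;
  * every record carries a deception_asset tag so IDS/IR teams are not
    fooled into treating trap activity as a real incident.
All addresses, the banner and the probe payload are constructed.
"""
import socket
import threading
import time
from dataclasses import dataclass
from typing import List


@dataclass
class TrapEvent:
    """One observed interaction with the bogus port."""
    peer: str                     # source address:port of the connecting client
    first_bytes: bytes            # what the client sent, truncated for safety
    timestamp: float              # wall-clock time the connection was handled
    deception_asset: bool = True  # tag so IDS/IR know this is trap traffic


class BogusPortListener:
    """Listens on a deliberately open port and records connection attempts."""

    BANNER = b"220 service ready\r\n"  # constructed banner, not a real product string
    MAX_CAPTURE = 512                   # bytes of client input kept per event

    def __init__(self, host: str = "127.0.0.1", port: int = 0):
        # port 0 lets the OS pick a free port; a deployment would pin a bogus one
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))
        self._sock.listen(5)
        self._sock.settimeout(0.5)  # lets the accept loop poll the stop flag
        self.events: List[TrapEvent] = []
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    @property
    def port(self) -> int:
        return self._sock.getsockname()[1]

    def start(self) -> None:
        self._thread.start()

    def stop(self) -> None:
        self._stop.set()
        self._thread.join(timeout=2)
        self._sock.close()

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, addr = self._sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            self._handle(conn, addr)

    def _handle(self, conn: socket.socket, addr) -> None:
        # Send the banner, capture the first bytes, close. No real service is reached.
        conn.settimeout(1.0)
        data = b""
        try:
            conn.sendall(self.BANNER)
            data = conn.recv(self.MAX_CAPTURE)
        except (socket.timeout, OSError):
            pass
        finally:
            conn.close()
        event = TrapEvent(peer=f"{addr[0]}:{addr[1]}",
                          first_bytes=data[:self.MAX_CAPTURE],
                          timestamp=time.time())
        with self._lock:
            self.events.append(event)

    def snapshot(self) -> List[TrapEvent]:
        """Copy of the events recorded so far (safe to call from another thread)."""
        with self._lock:
            return list(self.events)


def probe(host: str, port: int, payload: bytes) -> bytes:
    """Constructed client used to exercise the listener locally; returns the banner."""
    with socket.create_connection((host, port), timeout=2) as c:
        banner = c.recv(64)
        c.sendall(payload)
    return banner


def run_demo() -> List[TrapEvent]:
    """Start the listener, send one constructed probe, return the recorded events."""
    hp = BogusPortListener()
    hp.start()
    try:
        probe("127.0.0.1", hp.port, b"HELP\r\n")
        deadline = time.time() + 2  # give the accept thread time to record it
        while time.time() < deadline and not hp.snapshot():
            time.sleep(0.05)
        return hp.snapshot()
    finally:
        hp.stop()


if __name__ == "__main__":
    for ev in run_demo():
        print(ev)
```

In a real deployment the `TrapEvent` records would be forwarded to the SIEM with the `deception_asset` tag intact, so analysts can route trap hits to the deception operator instead of opening an incident against a production system.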