Intrusion Deception – Counter offense is the best defense

Information security mostly revolves around defense in depth. Until now, we have had ‘Intrusion Detection’ and ‘Intrusion Prevention’ tools and techniques. The newest technique for securing information assets, ‘Intrusion Deception’, turns that security concept upside down: it relies on a counter-offensive ‘honey pot’ methodology to protect an organization’s information assets.

One such ‘Intrusion Deception’ tool, developed by David Koretz (Mykonos Software, now part of Juniper Networks), is a series of ‘tripwires’ that can help an organization identify online attackers of its web sites and applications. The software leads attackers down data dead ends: toward stockpiles of sensitive information, such as credit card numbers, that do not exist, or toward what seem like easily exploited vulnerabilities that are in fact false fronts.

Attackers are detected when they manipulate the detection points inserted into web application code. If the adversary performs a simple SQL injection attack and then gets to a password file, a fake password file is returned. The adversary will then attempt to crack the passwords and, if successful, is allowed to log into the honeypot using the bogus credentials. Because attackers are manipulating code that has nothing to do with the organisation’s website or web application, the security administrator can be absolutely certain that it is a malicious action, with no chance of a false positive. Meanwhile, the tool is profiling the attacker and responding appropriately. Mykonos web security software also has features such as observing attacks unfold in real time and recording them for playback later.
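The detection-point idea described above, as an added example that is not Mykonos or Juniper code: a hidden form field and a few decoy URLs that the real application never uses, so any request touching them can be attributed to tampering. The field name, decoy paths, function names and sample traffic are all constructed assumptions.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

SECRET = secrets.token_bytes(32)      # per-deployment key, generated here for the demo
DECOY_FIELD = "acct_role"             # hypothetical hidden field the real app never reads
DECOY_PATHS = {"/admin/backup.sql", "/.htpasswd"}   # hypothetical URLs no page links to
incidents = defaultdict(list)         # client address -> detection points it tripped


def decoy_value(session_id):
    """Planted value, bound to the session so a copy from another session also trips."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()[:16]


def render_hidden_field(session_id):
    """Markup to inject into each form served to this session."""
    return f'<input type="hidden" name="{DECOY_FIELD}" value="{decoy_value(session_id)}">'


def inspect_request(client, session_id, path, form):
    """Return the detection points this request tripped and log them per client."""
    tripped = []
    if path in DECOY_PATHS:
        tripped.append("decoy-path:" + path)
    # A request without the field (e.g. a plain GET) is not flagged; only a
    # changed value is, because no legitimate browser edits a hidden input.
    if DECOY_FIELD in form:
        sent = str(form[DECOY_FIELD]).encode()
        if not hmac.compare_digest(sent, decoy_value(session_id).encode()):
            tripped.append("hidden-field-modified")
    if tripped:
        incidents[client].extend(tripped)
    return tripped


# Constructed sample traffic: (client, session, path, form fields)
SAMPLE = [
    ("198.51.100.7", "sess-a", "/login", {"user": "alice", DECOY_FIELD: decoy_value("sess-a")}),
    ("203.0.113.9", "sess-b", "/login", {"user": "bob", DECOY_FIELD: "admin"}),
    ("203.0.113.9", "sess-b", "/.htpasswd", {}),
]

if __name__ == "__main__":
    for request in SAMPLE:
        print(request[0], request[2], inspect_request(*request) or "clean")
    print(dict(incidents))
```

The per-client list in `incidents` is the starting point for the profiling the post mentions: each additional tripped point raises confidence about the same client without ever inspecting legitimate application parameters.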
