Seven classic deception techniques still available today
mob604757044d68 2021-07-20 04:32:52

It is like a game of chess. The pieces are the IT departments on the defending side and the hackers on the attacking side. As in war, the same holds for network security defense and attack: classic deception still works.


Bait (Decoy)




The Quaker gun, a fake gun used in the 18th century, was a military decoy: from a distance it looked like a cannon, but it was only the trunk of a tree. Some soldiers painted the fake guns black to make them look more realistic. Low-level honeypots work the same way: they take on the appearance of an attack surface and wait for hackers. Such a honeypot only wastes the attacker's energy, and it only costs the attacker a little more time.


Hiding (Concealment)




The U.S. military has used smoke screens since 1898, which is an example of concealment. Todd Inskeep, a member of the RSA Conference advisory board, says that businesses now use physical isolation, disconnecting computers that hold sensitive data from the Internet, in order to hide them.


Another example: enterprises can use a network telescope, or darknet, inside the internal network to mislead reconnaissance traffic from unknown source addresses. In some financial institutions this is called a black hole: any traffic destined for an unknown IP address is directed there, where defenders can record and capture it. The attacker only sees that the traffic has disappeared and does not know what happened. The attacker does not get a null response; there is no response at all, so the reconnaissance yields no information.


Mimicry (Simulation)


Mimicry looks more real than bait .




The prototype fake tank used in the First World War made the sound of a tank, rolled out smoke, and even really moved, which made it more persuasive. Application-specific honeypots take mimicry to a higher level: they simulate specific applications that frequently have vulnerabilities and sit on a server as an entry point for hackers to find. Mimicry includes open e-mail relays, file and print servers, and open proxies.


Deny (Denial)


In 1962, Russia refused to acknowledge its attempt to deploy nuclear warheads in Cuba. Fast forward to today: some countries, in the face of a great deal of evidence, still deny having attacked other countries. It is part of PR and social networking.




Misleading (Disinformation)




During the Second World War, the British put a body in a bag, packed it with false evidence of a feint, and then waited for the other side to spend time and energy investigating a threat that did not exist. Inskeep says that the recent so-called client honeypots find malicious servers by carefully tracking changes on the local system, while also giving the misleading message that they have accepted the modifications from the server. In fact, they capture and tag these modifications and finally reset themselves through virtualization, which makes real harm impossible.


Fake action (Deceptive Maneuver)


Inskeep says that, according to some anecdotes, several companies modify a website regularly to force attackers to rebuild their systems and start over again.




Trap


This well-known technique is applied in information security by using simulation engines together with deception technology.




Simulation engines masquerade as ubiquitous operating systems. Defenders deliberately place "confidential" information in them and may even label it "credit card information". While the attacker steals the fake data, the deception technology records his activity and shares the information with other security tools, so that cybercriminals can be caught faster.

