It's just a chess game. The pieces in play: the IT department on the defending side and hackers on the attacking side. As in war, the same holds for attack and defense in network security: classic deception still works.
The Quaker gun, a fake cannon used in the 18th century, was a military decoy. From a distance it looked like a cannon, but it was just a tree trunk. Some soldiers painted the fake guns black to make them look more realistic. Low-level honeypots likewise take on the appearance of an attack surface and wait for hackers. This kind of honeypot only wastes the attacker's energy, and only delays them a little.
Concealment
The U.S. military has used smoke screens since 1898, which is an example of concealment. Todd Inskeep, a member of the RSA Conference advisory board, says that businesses now use physical isolation, disconnecting computers that hold sensitive data from the Internet, in order to hide them.
As another example, an enterprise can use a network telescope or darknet on its internal network to mislead reconnaissance traffic that comes from unknown source addresses. In some financial institutions this is called a black hole: any traffic destined for an unknown IP address is directed there, where defenders can record and capture it. The attacker sees the traffic disappear and does not know what happened. The attacker does not get a null response, but no response at all, so the reconnaissance yields no information.
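The recording side of such a black hole, as an added example that is not part of the original article: flows destined for unallocated internal address space are captured, and sources that touch several dark addresses are flagged as likely scanners. The supernet, the allocated subnets, the threshold and the flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed layout: one internal supernet of which only two subnets are in use.
SUPERNET = ipaddress.ip_network("10.20.0.0/16")
ALLOCATED = [ipaddress.ip_network(n) for n in ("10.20.1.0/24", "10.20.2.0/24")]

# Constructed sample flow records: (timestamp, src, dst, dst_port)
FLOWS = [
    ("2024-01-01T10:00:00", "10.20.1.15", "10.20.2.8", 443),
    ("2024-01-01T10:00:01", "10.20.1.77", "10.20.9.1", 445),
    ("2024-01-01T10:00:01", "10.20.1.77", "10.20.9.2", 445),
    ("2024-01-01T10:00:02", "10.20.1.77", "10.20.9.3", 445),
    ("2024-01-01T10:00:05", "10.20.2.30", "10.20.200.4", 22),
    ("2024-01-01T10:00:06", "10.20.1.15", "93.184.216.34", 443),
]

def is_dark(dst):
    """True if dst lies inside the supernet but in no allocated subnet."""
    addr = ipaddress.ip_address(dst)
    return addr in SUPERNET and not any(addr in net for net in ALLOCATED)

def sinkhole_report(flows, threshold=3):
    """Capture every flow to dark space; flag sources that hit
    at least `threshold` distinct dark addresses."""
    captured = []
    dark_dsts = defaultdict(set)
    for ts, src, dst, port in flows:
        if is_dark(dst):
            captured.append((ts, src, dst, port))
            dark_dsts[src].add(dst)
    scanners = sorted(s for s, d in dark_dsts.items() if len(d) >= threshold)
    return captured, scanners

if __name__ == "__main__":
    captured, scanners = sinkhole_report(FLOWS)
    for rec in captured:
        print("captured", rec)
    print("likely scanners:", scanners)
```

A single flow to dark space can be a misconfiguration, which is why the example keeps the raw capture separate from the scanner list.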
Mimicry looks more real than bait .
The picture above shows the prototype of a fake tank used in the First World War. It made the sound of a tank, rolled out smoke and even really moved, which made it more persuasive. Application-specific honeypots (application honeypots) take mimicry to a higher level: they simulate specific applications that frequently have vulnerabilities, and sit on a server as an entry point for hackers to find. Such mimicry includes open e-mail relays, file and print servers, and open proxies.
In 1962, Russia refused to acknowledge attempts to deploy nuclear warheads in Cuba. Fast forward to today: some countries, in the face of a lot of evidence, insist on denying that they have attacked other countries. It's part of PR and social networking.
During the Second World War, the British put a body in a bag, packed in false evidence of a feint, and then waited for the other side to spend time and energy investigating a threat that did not exist. Inskeep says that, more recently, so-called client honeypots find malicious servers by carefully tracking changes on the local system, while giving the misleading impression that they have accepted the modifications from the server. In fact they are capturing and tagging those modifications, and finally they reset themselves through virtualization, which makes real harm impossible.
Deceptive Maneuver
Inskeep says that, according to some anecdotes, several companies modify a website regularly to force attackers to rebuild their systems and start over.
This well-known technique is used in information security in the form of simulation engine applications combined with deception technology.
Simulation engines masquerade as widely used operating systems, and defenders deliberately plant what looks like confidential information in them, perhaps labeling it "credit card information". While attackers steal the fake data, the deception technology records their activity and shares the information with other security tools, so that cybercriminals can be caught faster.