资源描述:
《abstract decoy systems a new player in network security and computer incident response》由会员上传分享,免费在线阅读,更多相关内容在教育资源-天天文库。
1、InternationalJournalofDigitalEvidenceWinter2004,Volume2,Issue3DecoySystems:ANewPlayerinNetworkSecurityandComputerIncidentResponseKellepA.Charles,CISSPAbstractInterconnectivityontheInternetisgrowing,asmoreandmoreorganizations,privatecompaniesandgovernmentalinstitutionsco
2、nnectforcriticalinformationprocessing.Thisinterconnectivityallowsforbetterproductivity,fastercommunicationcapabilitiesandimmeasurablepersonalconveniences.Italsoopensthedoortomanyunforeseeablerisks,suchasindividualsgainingunauthorizedaccesstocriticalenterpriseinformation
3、infrastructure.Theseorganizationsarediscoveringthattraditionalmeansofpreventinganddetectingnetworkinfringementswithfirewalls,routeraccesscontrol-list(ACLs),anti-virusesandintrusiondetectionsystems(IDS)arenotenough.Hackersareabletoobtaineasytousetoolstoscanvariousnetwork
4、sontheInternetforsystemvulnerabilities,thenusetheinformationgatheredfromthescanstolaunchtheirattackswithscriptkiddies.Asolutionthathasbeencatchingoninthenetworksecurityandcomputerincidentresponseenvironmentistoemploy“DecoySystems.”DecoySystems,alsoknownasdeceptionsystem
5、s,honey-potsortar-pits,arephonycomponentssetuptoenticeunauthorizedusersbypresentingnumeroussystemvulnerabilities,whileattemptingtorestrictunauthorizedaccesstonetworkinformationsystems.IntroductionTheconceptofDecoySystemsisnotnewtothenetworksecurityworld,asCliffStoll1fir
6、stdescribeditinhisbookentitled“TheCuckoo’sEgg.”Stolldepictedajail-typetechnologythatcapturedanunauthorizeduser’saccesstoasystemtodeterminehisintentions.Itisjustrecentlythattheconcepthasbeenadoptedbythemassesforproductionimplementationtoassistinadefensivenetworksecurityp
7、osture.Acompromiseddecoysystemoffersawealthoffeaturesthatcanassistwithintelligencedatagathering,incidentresponseandnetworkforensics,forabetterunderstandingofwhotheattackeris,whatmethodtheattackerusedtogainaccessandtheresultsoftheattacker’sunauthorizedattackforpossiblepr
8、osecutionmeasures.Thesefeaturesincludesuspiciouseventalertstoamanagementworkstationforvisualandaudiblenotifica
