Joe, an administrator, installs a web server on the Internet that performs credit card transactions for
customer payments. Joe also sets up a second web server that looks like the first web server.
However, the second server contains fabricated files and folders made to look like payments were
processed on this server but really were not. Which of the following is the second server?
A.
DMZ
B.
Honeynet
C.
VLAN
D.
Honeypot
Explanation:
In this scenario, the second web server is a ‘fake’ webserver designed to attract attacks. We can then
monitor the second server to view the attacks and then ensure that the ‘real’ web server is secure against
such attacks. The second web server is a honeypot.
A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the
attack to research current attack methodologies.
According to the Wepopedia.com, a Honeypot luring a hacker into a system has several main purposes:
The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where
the system has weaknesses that need to be redesigned.
The hacker can be caught and stopped while trying to obtain root access to the system.
By studying the activities of hackers, designers can better create more secure systems that are potentially
invulnerable to future hackers.
There are two main types of honeypots:Production – A production honeypot is one used within an organization’s environment to help mitigate
risk.
Research – A research honeypot add value to research in computer security by providing a platform to
study the threat.
Incorrect Answers:
A: A DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical
subnetwork that contains and exposes an organization’s external-facing services to a larger and untrusted
network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an
organization’s local area network (LAN); an external network node only has direct access to equipment in
the DMZ, rather than any other part of the network. The name is derived from the term “demilitarized
zone”, an area between nation states in which military operation is not permitted. The second web server
described in this question is not a DMZ.
B: A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an
attacker’s activities and methods can be studied and that information used to increase network security.
In this question, we have a second single server rather than a network set up to be attacked. The server is
a honeypot, not a honeynet.
C: In computer networking, a single layer-2 network may be partitioned to create multiple distinct
broadcast domains, which are mutually isolated so that packets can only pass between them via one or
more routers; such a domain is referred to as a virtual local area network, virtual LAN or VLAN.
This is usually achieved on switch or router devices. Simpler devices only support partitioning on a port
level (if at all), so sharing VLANs across devices requires running dedicated cabling for each VLAN. More
sophisticated devices can mark packets through tagging, so that a single interconnect (trunk) may be used
to transport data for multiple VLANs.
Grouping hosts with a common set of requirements regardless of their physical location by VLAN can
greatly simplify network design. A VLAN has the same attributes as a physical local area network (LAN),
but it allows for end stations to be grouped together more easily even if they are not on the same
network switch. The second web server described in this question is not a VLAN.https://ethics.csc.ncsu.edu/abuse/hacking/honeypots/study.phphttp://en.wikipedia.org/wiki/DMZ_%28computing%29
http://searchsecurity.techtarget.com/definition/honeynet
http://en.wikipedia.org/wiki/Virtual_LAN