Which of the following types of technologies is used by security and research personnel for identification
and analysis of new security threats in a networked environment by using false data/hosts for information
collection?
A.
Honeynet
B.
Vulnerability scanner
C.
Port scanner
D.
Protocol analyzer
Explanation:
A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an
attacker’s activities and methods can be studied and that information used to increase network security.
A honeynet contains one or more honey pots, which are computer systems on the Internet expressly set
up to attract and “trap” people who attempt to penetrate other people’s computer systems. Although the
primary purpose of a honeynet is to gather information about attackers’ methods and motives, the decoy
network can benefit its operator in other ways, for example by diverting attackers from a real network
and its resources. The Honeynet Project, a non-profit research organization dedicated to computer
security and information sharing, actively promotes the deployment of honeynets.
In addition to the honey pots, a honeynet usually has real applications and services so that it seems like a
normal network and a worthwhile target. However, because the honeynet doesn’t actually serve any
authorized users, any attempt to contact the network from without is likely an illicit attempt to breach its
security, and any outbound activity is likely evidence that a system has been compromised. For this
reason, the suspect information is much more apparent than it would be in an actual network, where it
would have to be found amidst all the legitimate network data. Applications within a honeynet are often
given names such as “Finances” or “Human Services” to make them sound appealing to the attacker.
Incorrect Answers:
B: A vulnerability scan is used to determine whether a system is vulnerable to known threats. It does not
use false data/hosts for information collection.
C: A port scanner scans a system or network for open ports. It does not use false data/hosts for
information collection.
D: A Protocol Analyzer is a hardware device or more commonly a software program used to capture
network data communications sent between devices on a network. It does not use false data/hosts for
information collection.http://searchsecurity.techtarget.com/definition/honeynet