The network of an organization has been the victim of several intruders’ attacks. Which of the
following measures would allow for the early detection of such incidents?
A.
Antivirus software
B.
Hardening the servers
C.
Screening routers
D.
Honeypots
Explanation:
Honeypots can collect data on precursors of attacks. Since they serve no business function,
honeypots are hosts that have no authorized users other than the honeypot administrators. All
activity directed at them is considered suspicious. Attackers will scan and attack honeypots, giving
administrators data on new trends and attack tools, particularly malicious code. However,
honeypots are a supplement to, not a replacement for, properly securing networks, systems and
applications. If honeypots are to be used by an organization, qualified incident handlers andintrusion detection analysts should manage them. The other choices do not provide indications of
potential attacks.