Hosting Provided By

Re: Honeytokens and Detection

From: Ankit Fadia <ankit(at)bol.net.in>
Date: Thu Jul 17 2003 - 19:20:18 EDT

Honeytokens is a new term for the methods being used by high-level intelligence guys and system survellience experts for luring and capturing the bad guys. A have seen a lot of Banks having a Honeytoken like the below, to detect and pinpoint the bad guys within their company:

Create dummy admin accounts with easy to crack passwords. These admin accounts should SEEM to have access to databases containing bogus credit card account details. If the internal employee is lured, he is fired next day.

Even the intelligence agencies provide false intelligence reports (what Stephen referred as Counterintelligence reports) to certain "suspect" agents to detect a "mole".

Overall, a good paper.

Ankit Fadia,
Intelligence Consultant

Original Message ----- From: "Stephen P. Berry" <spb@meshuggeneh.net> To: "Lance Spitzner" <lance@honeynet.org> Cc: "Focus on Intrusion Detection Systems" <FOCUS-IDS@securityfocus.com>; <spb@meshuggeneh.net> Sent: Saturday, July 19, 2003 6:51 AM Subject: Re: Honeytokens and Detection

> -----BEGIN PGP SIGNED MESSAGE-----
equivalent)
> accounts, to early CGI scripts that fed bogus information to would-be
roll-your-own
> solutions implemented by those of us protecting peculiar assets and
services
> (like BBS door games and various flavours of MUD security).

> Is your IDS deployed correctly?

Received on Tue Jul 22 00:34:12 2003

This message: [ Message body ]
Next message: Graham, Robert (ISS Atlanta): "RE: Traffic Balancing on High-speed IDS"
Previous message: Christian Kreibich: "Re: Traffic Balancing on High-speed IDS"
In reply to Stephen P. Berry: "Re: Honeytokens and Detection"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:16 EDT

Do you need help?