Join Lisa Bock for an in-depth discussion in this video Implementing a honeypot, part of IT Security Foundations: Network Security.
- A Honeypot is a system set up to lure a would-be attacker,…with a goal of observing their behavior,…in order to learn attack methodologies…to better protect the real network,…and to gather forensic evidence required to aid…in the apprehension, or prosecution of intruders.…Placement of a Honeypot depends on your objectives,…it can be inside the LAN, in the DMZ,…or outside as a tasty treat for a would-be attacker.…Use caution, and it may be best to keep it in the DMZ,…because even though this is a fake system,…they are essentially in your network.…
A Honeypot many times is part of an…intrusion detection system,…but keep in mind, the main focus…is on gathering information.…Once an intruder breaks into a system,…many times they will come back for subsequent visits…where more information can be monitored and saved.…Keep the system as generic as possible,…if you soup up the system too much,…an attacker may disconnect.…Put interesting data in the system,…to appear as if they hit a valuable target.…
Information may not be admissible in court,…
Note: This training maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). See https://www.microsoft.com/learning/en-us/exam-98-367.aspx for more information.
- Implementing secure content management (SCM)
- Implementing unified threat management (UTM)
- Introducing VLANs
- NAT addressing
- Network sniffing
- Understanding common attack methods, such as password attacks
- Protecting clients with antivirus software
- Implementing physical security