Network Decoys

Share on Facebook0Share on LinkedIn0Share on Google+0Tweet about this on Twitter0

A decoy, also known as a honeypot, is comprised of all the essential hardware and software components, but lacks the ability to protect itself. It normally reflects the image of a server and even carries dummy data to trick the intruder into thinking the files are genuine. The concept of Decoy Systems is not new to the network security world, as Cliff Stoll first described it in his book entitled “The Cuckoo’s Egg.”(C.Stoll) Stoll depicted a jail-type technology that captured an unauthorized user’s access to a system to determine his intentions. The theory behind a decoy system is that if it is going to happen, it should happen to a system that isn’t an essential part of the network. Ultimately, this allows for administrators to view, log, and protect the actual system from attack. The value of a decoy is tremendous because it saves both time and money. It allows the administrator an opportunity to determine, create, and block incoming intruders. There are many applications that will assist in the creation of a decoy system. One of the most common is the Symantec ManTrap, which inevitably acts as an operating system within another operating system. While the intruder is bombarding in the files, the external operating system, of the same machine, hunts him down and collects evidence.


C. Stoll, The Cuckoo’s Egg: Tracking a Spy Through the Maze of a Computer Espionage (New York: Pocket Books, 1990).