Techniques used to mislead, confuse and divert attackers from critical assets while simultaneously detecting and neutralizing threats
Honeypot
A decoy system or network set up to attract potential hackers
They are set up to mimic a real system and are used to collect information on the attacker
Honeynet
Network of honeypots used to create a more complex system that is designed to mimic an entire network of systems, including servers, routers and switches
Honey Files
A decoy file placed within a system to lure potential attackers
Honeyfiles can have embedded code that can enumerate the attacker's system when they try to access it
Honeytokens
Piece of data or a resource that has no legitimate use but is monitored for access or use
They are useful for identifying insider threats
Other Techniques
Bogus DNS Entries
Creating Decoy Directories
Creating Dynamic Pages: Confuse web crawlers and scraping services
Port Triggering: Ports are closed until a specific outbound traffic pattern is detected
Spoofing Telemetry Data: Send fake data when a network scan is detected