Study Document
Designing Good Deceptions in Defense Term Paper
Pages:3 (829 words)
Sources:1+
Subject:Personal Issues
Topic:Deception
Document Type:Term Paper
Document:#54003426
" This approach would also help protect computer systems from unauthorized access by insiders as well, he says (3).
In the spirit of "fight fire with fire," Rowe says that because computer hackers typically use deceptive practices (e.g., impersonation, viruses/worms, and denial of service attacks), it just makes good sense to turn the tables on the hackers by using honeypots and honeynets to collect the kinds of information required to do so. Citing examples from nature, Rowe points out that deception is a common defensive tactic, but it can also be used in a more offensive way by deceiving hackers into staying in the system as long as possible; in some cases, though, the author emphasizes that security considerations would require that the hacker simply be disconnected rather than tricked into staying in the system as long as possible. By keeping the system responses as realistic as possible during these episodes, Rowe suggests that computer security professionals will be in a better position to tie up the hacker's resources while as much information as possible can be collected about them. The author even provides an analysis of how to develop a fuzzy logic approach to determining the hacker's potential to believe in such realistic - but fake - system responses in order to fine-tune them based on a survey of students and faculty. Rowe then offers several vignettes and examples to illustrate how these deceptive responses can be used to defeat unauthorized intrusions and use the data that is collected during the intrusion to develop even better protective approaches in the future (3).
Works Cited
Rowe, Neil C. "Designing Good Deceptions in Defense of Information Systems." Monterey CA: Cebrowski Institute, U.S. Naval Postgraduate School.
End Notes
1) This is perhaps the most interesting part of this analysis; by suggesting that security professionals take what hackers universally understand about computers and turn it against them, Rowe immediately succeeds in developing a high degree of interest in this essay.
2) Rowe says that "Honeypots are systems with no purpose except to encourage attacks so data can be collected, and honeynets are networks of honeypots."
3) The most interesting part of this essay is also the most disturbing. The fact that security analysts are devoting valuable resources to these initiatives rather than to developing superior access controls in the first place suggests that the task may not be "do-able," at…
Sample Source(s) Used
Works Cited
Rowe, Neil C. "Designing Good Deceptions in Defense of Information Systems." Monterey CA: Cebrowski Institute, U.S. Naval Postgraduate School.
End Notes
1) This is perhaps the most interesting part of this analysis; by suggesting that security professionals take what hackers universally understand about computers and turn it against them, Rowe immediately succeeds in developing a high degree of interest in this essay.
2) Rowe says that "Honeypots are systems with no purpose except to encourage attacks so data can be collected, and honeynets are networks of honeypots."
Related Documents
Study Document
European Resistance Movements in the
A small but vigorous Communist party already experienced with underground work was the first to initiate clandestine operations. They set up front organizations and recruited members. By April 1942, they had recruited enough people to form a guerrilla arm called ELAS. Aris Velouchiotis, a former schoolteacher and Communist revolutionary, was the leader of this group whose goal was to harass the occupiers and wear them down. A charismatic leader with
Study Document
Schlesinger Describes Four Main Themes Relating to
Schlesinger describes four main themes relating to the notion of a shared household. These are: Collective responsibility for medical care or cost- Family members have collective responsibility and commitment in regard to certain burdens (such as paying the rent or household chores). In a similar way, politicians first argued at the end of the Progressive era that the American nation -- qua family -- owed special responsibility in regard to its
Study Document
Consumer Web Site Design: Purchase Intentions and
Consumer Web Site Design: Purchase Intentions and Loyalty in a Business-to-Consumer (B2C) Internet Commerce Environment RHETORICAL DISSERTATION Electronic commerce has experienced the meteoric rise and subsequent crash of any behemoth entity cast aloft without moorings or foundation. From a now short but historical vantage point, this profound economic failure during the dot-com heyday can likely be attributed to a few key factors. Many experts in the field of e-commerce have suggested remedial
Study Document
ERP and Information Security
ERP and Information Security Introduction to ERP Even though the plans of information security include the prevention of outsiders to gain access of internal network still the risk from the outsiders still exists. The outsiders can also represent themselves as authorized users in order to cause damage to the transactions of the business systems. Therefore, strict prevention measures should be taken to avoid such situations. The threats of both the hackers have been
Study Document
SL/https De-Encryption SSL/https is Widely
This is however, not considered foolproof. It is possible to break the security by a person having adequate technical expertise and access to the network at hardware level. In view of this the SSL method with right configuration is considered perfectly sufficient for all commercial purposes.5In order to safeguard the data while in transit it is customary to adopt a practical SSL protocol covering all network services that use
Study Document
Computer Forensics for Preventing Email
i.e. modifying the domain name system. 7. DNS-Based Phishing ("Pharming"): This offense is based on interference in the domain name searching process by modifying the domain name resolution sending the user to a different IP address. 8. Content-Injection Phishing: The phisher introduces fraudulent content into a legitimate website. 9. Data Theft: Malicious code that collects sensitive information stored within the machines in which it is installed. 10. Man-in-the-Middle Phishing: The phisher takes a