Honeytoken

In the field of computer security, honeytokens are honeypots that are not computer systems. Their value lies not in their use, but in their abuse. As such, they are a generalization of such ideas as the honeypot and the canary values often used in stack protection schemes. Honeytokens can exist in almost any form, from a dead, fake account to a database entry that would only be selected by malicious queries. This makes the concept ideally suited to ensuring data integrity: any use of a honeytoken is inherently suspicious, if not necessarily malicious. In general, they do not necessarily prevent any tampering with the data, but instead give the administrator a further measure of confidence in the data integrity.

An example of a honeytoken is a fake email address used to track if a mailing list has been stolen. [Has my mailing list been stolen? | Plynt Security Testing Learning Center, http://www.plynt.com/resources/learn/merchants/mailing_list_theft/]

If they are chosen to be unique and unlikely to ever appear in legitimate traffic, they can also be detected over the network by an intrusion-detection system (IDS), alerting the system administrator to things that would otherwise go unnoticed. This is one case where they go beyond merely ensuring integrity and, with some reactive security mechanisms, may actually prevent the malicious activity, e.g. by dropping all packets containing the honeytoken at the router. However, such mechanisms have pitfalls: a poorly chosen honeytoken that also appears in otherwise legitimate network traffic would cause that traffic to be dropped, which might cause serious problems.
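The following is an added example, not part of the original article, showing the two checks the paragraph above implies: vetting a candidate honeytoken against known-good traffic before deployment, and matching it in payloads to raise an alert. The function names and the sample traffic are constructed for illustration.

```python
import secrets

def make_honeytoken(prefix="ht", nbytes=16):
    """Random marker: 128 bits makes an accidental match in real traffic negligible."""
    return f"{prefix}-{secrets.token_hex(nbytes)}"

def safe_to_deploy(token, legit_samples, min_len=16):
    """Reject tokens that are too short or already occur in known-good traffic."""
    needle = token.lower().encode()
    if len(needle) < min_len:
        return False
    return not any(needle in sample.lower() for sample in legit_samples)

def scan(payloads, tokens):
    """Return (payload index, token label) for every payload containing a token.

    This only alerts. Dropping traffic on a match is the reactive step whose
    pitfall (a token colliding with legitimate data) safe_to_deploy guards against.
    """
    alerts = []
    for i, payload in enumerate(payloads):
        low = payload.lower()
        for label, tok in tokens.items():
            if tok.lower().encode() in low:
                alerts.append((i, label))
    return alerts

# Constructed sample of legitimate traffic (not real captures).
LEGIT = [
    b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    b"SELECT name FROM customers WHERE id = 42",
    b"MAIL FROM:<admin@shop.example>",
]

def demo():
    weak = "admin@shop.example"      # long enough, but present in real mail traffic
    strong = make_honeytoken()       # e.g. planted as a fake customer record
    tokens = {"fake-customer-row": strong}
    # Constructed suspicious payload: the planted value leaving the network.
    traffic = LEGIT + [b"POST /upload HTTP/1.1\r\n\r\nname=" + strong.encode()]
    return safe_to_deploy(weak, LEGIT), safe_to_deploy(strong, LEGIT), scan(traffic, tokens)

if __name__ == "__main__":
    print(demo())
```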

As stated by Lance Spitzner in his article on Security Focus [Honeytokens: The Other Honeypot, http://www.securityfocus.com/infocus/1713], the term was first coined by Augusto Paes de Barros [Augusto Paes de Barros blog, http://www.securitybalance.com] in 2003 [IDS: RES: Protocol Anomaly Detection IDS - Honeypots, http://seclists.org/focus-ids/2003/Feb/0095.html].

See also

* Fictitious entry
* Trap street


Wikimedia Foundation. 2010.
