Honeypots and deception
A honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information or a resource that would be of value to attackers. A honeypot that masquerades as an open proxy is known as a sugarcane. A honeypot is valuable as a surveillance and early-warning tool. While often a computer, a honeypot can take on other forms, such as... Read more |
White worms |
| The concept of "anti-worms" is a proactive method of dealing with virus and computer worm outbreaks. Just like malicious computer worms, anti-worms reach computers by scanning IP ranges and placing a copy of themselves on vulnerable hosts. The anti-worm then patches the computer"s vulnerability and uses the affected computer to find other vulnerable hosts. Anti-worms have the ability to spread just as fast as regular computer worms, utilizing the same "scan, infect, repeat" model that malicious computer worms use. Many computer security experts have denounced the so-called "anti-worm". Their position is that no code should be run on a system... Read more |
Honeynets |
| Two or more honeypots on a network form a honeynet. Typically, a honeynet is used for monitoring a larger and/or more diverse network in which one honeypot may not be sufficient. Honeynets and honeypots are usually implemented as parts of larger network intrusion-detection systems.... Read more |
Botnets |
| Botnet is a jargon term for a collection of software robots, or bots, which run autonomously. A botnet"s originator can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes. A botnet can comprise a collection of cracked machines running programs (usually referred to as worms, Trojan horses, or backdoors) under a common command and control infrastructure. Individual programs manifest as IRC "bots". Often the command and control takes place via an IRC server or a specific channel on a public IRC network. A bot typically runs hidden, and complies with the RFC 1459... Read more |
Virtual machines |
| The term virtual machine is currently used, among other meanings, to refer to the environment created by an emulator, where software is used to emulate an operating system for the end user. This is done to allow applications written for one OS to be executed on a machine which runs a different OS; or to provide execution "sandboxes" which provide a greater level of isolation between processes than is achieved when running multiple processes on the same instance of an... Read more |
Copyleft ©
| Cisco VPN: Overlay networks, Network overlays | Intruvert, Realsecure: Network Intrusion Detection |
| Host-based intrusion detection: Behavior-blocking.com | |