IDS mailing list archives
RES: Honeytokens and detection
From: "Augusto Paes de Barros" <augusto () paesdebarros com br>
Date: Tue, 8 Apr 2003 6:49:24 -0000
David, You are right. Public known honeytokens wouldn't be of much use. Each company should create its own fake data, to add a random factor and increase the chance of being usable on these cases. Honeytokens as database rows raises some additional issues that should be remembered. All apps that do things like "SELECT * FROM TRANSACTIONS" can make the alarm sound. One of my favourite ones is the bogus administrator/root user with null password. Did anyone already try something with these? Regards, Augusto. -----Mensagem original----- De: David Zbonski [mailto:dzbonski () hotmail com] Enviada em: domingo, 6 de abril de 2003 17:04 Para: lance () honeynet org; FOCUS-IDS () SECURITYFOCUS COM Assunto: Re: Honeytokens and detection I think the idea is great but I think if the numbers (or tokens) were public it would be self-defeating. The would be theif might easily avoid pulling the token like a theif avoids pulling the last bill from a bank drawer to avoid setting off the alarm. Wouldn't it be best for each instiution to create their own? The security would be in detecting and alerting on the movement of the token information. I think it falls into "security by obscurity" but I also feel that this does not mean that it is wrong - it just means that you can't count on it 100%. It is a part of that larger puzzle of keeping data safe and systems useable. Just my two cents. David Zbonski Zbonski Consulting www.zbonski.com -- Augusto Paes de Barros, CISSP http://www.paesdebarros.com.br augusto () paesdebarros com br ----------------------------------------------------------- ALERT: Exploiting Web Applications- A Step-by-Step Attack Analysis Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter Manipulation. http://www.spidynamics.com/mktg/webappsecurity71
Current thread:
- RES: Honeytokens and detection Augusto Paes de Barros (Apr 11)
- Re: RES: Honeytokens and detection Stephen P. Berry (Apr 14)
- <Possible follow-ups>
- RES: Honeytokens and detection Augusto Paes de Barros (Apr 15)