Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane’s company?
A. Vulnerability scanner
B. Honeynet
C. Protocol analyzer
D. Port scanner
Explanation:
The Internet hosts used to gather data on new malware are known as honeypots. A collection of honeypots is known as a honeynet.
A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker’s activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honeypots, which are computer systems on the Internet expressly set up to attract and “trap” people who attempt to penetrate other people’s computer systems. Although the primary purpose of a honeynet is to gather information about attackers’ methods and motives, the decoy network can benefit its operator in other ways, for example by diverting attackers from a real network and its resources. The Honeynet Project, a non-profit research organization dedicated to computer security and information sharing, actively promotes the deployment of honeynets.
In addition to the honeypots, a honeynet usually has real applications and services so that it seems like a normal network and a worthwhile target. However, because the honeynet doesn’t actually serve any authorized users, any attempt to contact the network from outside is likely an illicit attempt to breach its security, and any outbound activity is likely evidence that a system has been compromised. For this reason, the suspect information is much more apparent than it would be in an actual network, where it would have to be found amidst all the legitimate network data. Applications within a honeynet are often given names such as “Finances” or “Human Services” to make them sound appealing to the attacker.
A virtual honeynet is one that, while appearing to be an entire network, resides on a single server.
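The reasoning above (inbound contact is likely illicit, outbound activity is likely evidence of compromise) can be turned into a simple log triage. The following is an added example, not part of the original explanation; the honeynet range, the flow-record layout and all addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed honeynet address range (constructed for this example).
HONEYNET = ipaddress.ip_network("10.99.0.0/24")

# Constructed flow records: (epoch seconds, source IP, destination IP, destination port).
FLOWS = [
    (1000, "203.0.113.7", "10.99.0.10", 22),
    (1005, "198.51.100.23", "10.99.0.10", 445),
    (1010, "203.0.113.7", "10.99.0.11", 80),
    (1020, "10.99.0.10", "10.99.0.11", 445),
    (1030, "10.99.0.10", "192.0.2.50", 6667),
    (1040, "203.0.113.99", "10.99.0.10", 23),
]

def in_honeynet(ip):
    return ipaddress.ip_address(ip) in HONEYNET

def classify(src, dst):
    """Label a flow by its direction relative to the honeynet."""
    s, d = in_honeynet(src), in_honeynet(dst)
    if s and d:
        return "internal"
    if d:
        return "inbound"    # no authorized users, so likely an illicit attempt
    if s:
        return "outbound"   # honeypot-initiated, likely evidence of compromise
    return "unrelated"

def triage(flows):
    """For each honeypot with outbound traffic, report its first outbound flow
    and the external sources that contacted it before that flow."""
    contacts = defaultdict(list)   # honeypot -> [(timestamp, external source)]
    report = {}
    for ts, src, dst, dport in sorted(flows):
        kind = classify(src, dst)
        if kind == "inbound":
            contacts[dst].append((ts, src))
        elif kind == "outbound" and src not in report:
            report[src] = {
                "first_outbound": (ts, dst, dport),
                "prior_sources": sorted({s for t, s in contacts[src] if t < ts}),
            }
    return report

if __name__ == "__main__":
    print(triage(FLOWS))
```

On a production network the same rule would drown in legitimate traffic; on a honeynet every inbound and outbound record is worth reviewing, which is why such a short filter is enough.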
Incorrect Answers:
A: A vulnerability scanner is software designed to assess computers, computer systems, networks or applications for weaknesses. This includes applications or default configurations posing a security risk. In this question, we have computers set up with the aim of being attacked to enable Jane to gather data on new malware. The question is asking about the computers themselves, not the tools used to assess the computers. These computers form a honeynet. Therefore, this answer is incorrect.
C: A protocol analyzer is a hardware device or, more commonly, a software program used to capture network data communications sent between devices on a network. This is not what is described in this question. Therefore, this answer is incorrect.
D: A port scanner is typically a software application used to scan a system such as a computer or firewall for open ports. A malicious user would attempt to access a system through an open port. A security administrator would compare the list of open ports against a list of ports that need to be open so that unnecessary ports can be closed, thus reducing the vulnerability of the system. This is not what is described in this question. Therefore, this answer is incorrect.
http://searchsecurity.techtarget.com/definition/honeynet