How to use bait to capture hackers (repost)

Source: Internet
Author: User
Sadie Net
Jinshi
Luring hackers is actually quite simple, much like trapping animals. When a hacker starts probing the network, he is surprised to find a very vulnerable data server. But just as he gets ready to enter the server, the network administrator is already tracking his movements, as in the proverb of the mantis stalking its prey while the siskin waits behind it. The intruder has been lured by a "decoy" server designed specifically to discover such intruders.
The need for a "decoy" server comes from the fact that a data server handles a large amount of data, so it is difficult to pick out a malicious attack from all of that data. It is therefore necessary to design "decoy" servers that specialize in luring hackers, so that the data servers can keep working properly.
The main purpose of the "decoy" server is to emulate the data server while raising alerts on and recording the hacker's behavior. The features listed below show how the "decoy" server accomplishes this.
A. The "decoy" server imitates the real data server and shows a normally working side;
B. The "decoy" server offers some network resources and user accounts to attract the attention of hackers;
C. The "decoy" server shows a fragile side, luring hackers into launching malicious attacks on it;
D. The "decoy" server has a powerful and complete intrusion alarm and recording mechanism.
How to create "bait"
1. Port redirection
With a redirecting router or firewall, some services on the data server are remapped to the decoy server. For example, the Web service on port 80 is kept on the data server, while the SMTP service on port 25 and the Telnet service on port 23 are mapped to the decoy server. From then on, any SMTP or Telnet intrusion activity triggers an alarm and is recorded.
At the same time, the Web service still needs to be monitored: access to it is not recorded on the "decoy" server, so a corresponding intrusion monitoring system must still be installed for the Web service. Because redirected services do not have intrusion monitoring systems, it is easier for hackers to access these services.
2. Building a "decoy" server
Another approach is to place the "decoy" server in the middle of the data servers. For example, if the data servers have the addresses 2, 3 and 5, the "decoy" server takes address 4. You can also use IP aliasing to give the "decoy" server more IP addresses.
When hackers look for the most vulnerable computer in the entire network, they will evidently end up entering the "decoy" server. But if the hacker avoids the "decoy" server and attacks a data server directly, this method becomes ineffective. The core strategy of the "decoy" server is that any data arriving at it is suspect. Once the hacker has entered the server, his movements are recorded.
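The alarm-and-record behaviour described above for the redirected SMTP (25) and Telnet (23) ports, shown as an added example that is not part of the original article: a listener that treats every connection as suspect, alerts on connect, and logs what the peer sends. The banners, the `record_session` and `serve` names, the `decoy.jsonl` path and the assumption that the decoy listens on the same port numbers are illustrative.

```python
import json
import socket
import socketserver
import time

# Constructed banners; a real decoy would copy what the data server presents.
BANNERS = {25: b"220 mail.example.internal ESMTP\r\n", 23: b"login: "}


def record_session(conn, peer, port, alert, log_path=None,
                   idle_timeout=5.0, max_bytes=4096):
    """Treat one inbound connection as suspect: alert first, then record input."""
    event = {"ts": time.time(), "dst_port": port,
             "src_ip": peer[0], "src_port": peer[1], "data": ""}
    alert(dict(event))                    # alarm on connect, before any I/O
    conn.settimeout(idle_timeout)         # a silent peer cannot pin the thread
    received = b""
    try:
        conn.sendall(BANNERS.get(port, b""))
        while len(received) < max_bytes:  # cap what one peer can make us store
            chunk = conn.recv(1024)
            if not chunk:
                break
            received += chunk
    except (socket.timeout, ConnectionError):
        pass
    # Escape control bytes so captured input cannot forge or corrupt log lines.
    event["data"] = (received[:max_bytes].decode("latin-1")
                     .encode("unicode_escape").decode("ascii"))
    if log_path:
        with open(log_path, "a") as fh:
            fh.write(json.dumps(event) + "\n")
    return event


class DecoyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        record_session(self.request, self.client_address,
                       self.server.server_address[1], self.server.alert,
                       self.server.log_path)


def serve(port, alert=print, log_path="decoy.jsonl", host="0.0.0.0"):
    """Listen on one redirected port (needs privileges for ports below 1024)."""
    with socketserver.ThreadingTCPServer((host, port), DecoyHandler) as srv:
        srv.alert, srv.log_path = alert, log_path
        srv.serve_forever()
```

Run `serve(23)` and `serve(25)` in separate processes or threads on the decoy host; each JSON line in the log is one suspect session.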
