A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal?
A. Penetration testing
C. Vulnerability scanning
D. Baseline reporting
Correct Answer: B
Section: Threats and Vulnerabilities
A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker’s activities and methods can be studied and that information used to
increase network security. A honeynet contains one or more honey pots, which are computer systems on the Internet expressly set up to attract and “trap” people who attempt to
penetrate other people’s computer systems. Although the primary purpose of a honeynet is to gather information about attackers’ methods and motives, the decoy network can benefit
its operator in other ways, for example by diverting attackers from a real network and its resources. The Honeynet Project, a non-profit research organization dedicated to computer
security and information sharing, actively promotes the deployment of honeynets.
In addition to the honey pots, a honeynet usually has real applications and services so that it seems like a normal network and a worthwhile target. However, because the honeynet
doesn’t actually serve any authorized users, any attempt to contact the network from without is likely an illicit attempt to breach its security, and any outbound activity is likely evidence
that a system has been compromised. For this reason, the suspect information is much more apparent than it would be in an actual network, where it would have to be found amidst all
the legitimate network data. Applications within a honeynet are often given names such as “Finances” or “Human Services” to make them sound appealing to the attacker.
A virtual honeynet is one that, while appearing to be an entire network, resides on a single server.
A: Penetration testing evaluates an organization’s ability to protect its networks, applications, computers and users from attempts to circumvent its security controls to gain
unauthorized or privileged access to protected assets. You perform a penetration test by attempting to gain access to the system. However, to do this, you are trying to exploit
weaknesses that you know about. An attacker might use a different method. To view all methods used by attackers, you need to set up a honeynet.
C: A vulnerability scanner is software designed to assess computers, computer systems, networks or applications for weaknesses. A vulnerability scan will scan for weaknesses
(vulnerabilities) in a system but it does not provide information about the methods attackers are using.
D: Baseline reporting will alert the security manager to any changes in the security posture compared to the original baseline configuration. Baseline reporting does not provide
information about the methods attackers are using.