Decoy Systems: A New Player in Network Security and Computer Incident Response

Interconnectivity on the Internet is growing, as more and more organizations, private companies and governmental institutions connect for critical information processing. This interconnectivity allows for better productivity, faster communication capabilities and immeasurable personal conveniences. It also opens the door to many unforeseeable risks, such as individuals gaining unauthorized access to critical enterprise information infrastructure. These organizations are discovering that traditional means of preventing and detecting network infringements with firewalls, router access control-list (ACLs), anti-viruses and intrusion detection systems (IDS) are not enough. Hackers are able to obtain easy to use tools to scan various networks on the Internet for system vulnerabilities, then use the information gathered from the scans to launch their attacks with script kiddies. A solution that has been catching on in the network security and computer incident response environment is to employ “Decoy Systems.” Decoy Systems, also known as deception systems, honey-pots or tar-pits, are phony components setup to entice unauthorized users by presenting numerous system vulnerabilities, while attempting to restrict unauthorized access to network information systems.