2 cissp ® Official Study Guide Eighth Edition

Understanding Pseudo Flaws

Download 19,3 Mb.

Pdf ko'rish

bet	711/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 707 708 709 710 711 712 713 714 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Understanding Padded Cells
Warning Banners

Understanding Pseudo Flaws
Pseudo flaws
are false vulnerabilities or apparent loopholes intentionally implanted in a
system in an attempt to tempt attackers. They are often used on honeypot systems to emu-
late well-known operating system vulnerabilities. Attackers seeking to exploit a known
flaw might stumble across a pseudo flaw and think that they have successfully penetrated
a system. More sophisticated pseudo flaw mechanisms actually simulate the penetration
and convince the attacker that they have gained additional access privileges to a system.
However, while the attacker is exploring the system, monitoring and alerting mechanisms
trigger and alert administrators to the threat.
Understanding Padded Cells
A
padded cell
system is similar to a honeypot, but it performs intrusion isolation using a
different approach. When an IDPS detects an intruder, that intruder is automatically trans-
ferred to a padded cell. The padded cell has the look and feel of an actual network, but the
attacker is unable to perform any malicious activities or access any confidential data from
within the padded cell.
The padded cell is a simulated environment that offers fake data to retain an intruder’s
interest, similar to a honeypot. However, the IDPS transfers the intruder into a padded
cell without informing the intruder that the change has occurred. In contrast, the attacker
chooses to attack the honeypot directly, without being transferred to the honeypot by the
IDPS. Administrators monitor padded cells closely and use them to detect and observe
attacks. They can be used by security professionals to detect methods and to gather evi-
dence for possible prosecution of attackers. Padded cells are not commonly used today but
may still be on the exam.
Warning Banners
Warning banners inform users and intruders about basic security policy guidelines. They
typically mention that online activities are audited and monitored, and often provide
reminders of restricted activities. In most situations, wording in banners is important
from a legal standpoint because these banners can legally bind users to a permissible set of
actions, behaviors, and processes.
Unauthorized personnel who are somehow able to log on to a system also see the warn-
ing banner. In this case, you can think of a warning banner as an electronic equivalent of
a “no trespassing” sign. Most intrusions and attacks can be prosecuted when warnings
clearly state that unauthorized access is prohibited and that any activity will be monitored
and recorded.

Implementing Detective and Preventive Measures
765
Warning banners inform both authorized and unauthorized users. These
banners typically remind authorized users of the content in acceptable-use
agreements.

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 707 708 709 710 711 712 713 714 ... 881