Defense in Depth Using Deception Technology in InsightIDR

Welcome to the land of confusion and misdirection! Today, we are diving into the four pieces of deception technology that Rapid7 offers through our incident detection and response tool, InsightIDR. These include honeypots, honey users, honey files, and honey credentials.


To be clear, all of these features and add-ons assume that the attacker has already breached the perimeter and is now looking deeper inside for loot such as personally identifiable information, personal health information, passwords, or usernames.


None of these pieces relies on the others, and each can be implemented individually as well as together. Deploying some or all of these features will bring the most benefit and visibility for many common attack vectors.


When deploying any of these features, creativity and Kung Fu trickery are the name of the game, and the best will normally win! Read on as we go through each feature in detail and give you a few ideas for how to get started.


Honeypots


Honeypots are virtual appliances that run on Ubuntu 18.04 LTS and are hardened to CIS standards. Honeypots come included in InsightIDR, and the product does not limit how many honeypots you can deploy within your environment. Knowing this, we recommend that you deploy as many as feasible across as many different subnets as possible: in the DMZ, in various VLANs around the network, in Userland, and anywhere else you want more visibility into network enumeration and active reconnaissance.


These devices are imitating ..
