Active defence¶
Adding active defence we can perhaps slow down adversaries and make hacking our devices and (small) networks more difficult and costly.
- Honeypots or honeynets can be used to attract attackers, record the actions of adversaries, and alert administrators of breaches.
- Honeyclients mimic the behaviour of a user-driven network client application, such as a web browser or chat app, while getting attribution on the adversary.
- Honeyports create a fake listening port on an external facing real but non-important server that are favourite port for remote attacks, like telnet or ssh.
Which one to choose and why? Learning from the inquiry-based choices made by security people in corporations, and the development roadmaps of honeypots, we can make active defence design choices for @home and @NGO contexts.