Page 1225 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

They are often used on honeypot systems to emulate well-known operating system vulnerabilities. Attackers seeking to exploit a known flaw might stumble across a pseudo flaw and think that they have successfully penetrated a system. More sophisticated pseudo flaw mechanisms actually simulate the penetration and convince the attacker that they have gained additional access privileges to a system. However, while the attacker is exploring the system, monitoring and alerting mechanisms trigger and alert administrators to the threat.


Understanding Padded Cells


A padded cell system is similar to a honeypot, but it performs intrusion isolation using a different approach. When an IDPS detects an intruder, that intruder is automatically transferred to a padded cell. The padded cell has the look and feel of an actual network, but the attacker is unable to perform any malicious activities or access any confidential data from within the padded cell.

The padded cell is a simulated environment that offers fake data to retain an intruder’s interest, similar to a honeypot. However, the IDPS transfers the intruder into a padded cell without informing the intruder that the change has occurred. In contrast, the attacker chooses to attack the honeypot directly, without being transferred to the honeypot by the IDPS. Administrators monitor padded cells closely and use them to detect and observe attacks. They can be used by security professionals to detect methods and to gather evidence for possible prosecution of attackers. Padded cells are not commonly used today but may still be on the exam.


Warning Banners

Warning banners inform users and intruders about basic security policy guidelines. They typically mention that online activities are audited and monitored, and often provide reminders of restricted activities. In most situations, wording in banners is important from a legal standpoint because these banners can legally bind users to a permissible set of actions, behaviors, and processes.

Unauthorized personnel who are somehow able to log on to a system also see the warning banner. In this case, you can think of a warning