PERSONALIZED HONEYPOT FOR DETECTING INFORMATION LEAKS AND SECURITY BREACHES
Abstract
A honeypot in a computer network is configured for use with a wide variety of computing resources that are defined by a network administrator or user which may include desktop and network resources such as address book contacts, instant messaging contacts, active directory user accounts, IP addresses, and files that contain particular content or that are stored in particular locations. The resources may be real for which protection against leakage is desired, or fake to operate as bait to lure and detect malicious attacks. The honeypot is implemented in an extensible manner so that virtually any resource may be honeypotted to apply honeypot benefits to resources beyond static IP addresses in order to improve both the breadth of information leakage prevention and the detection of malicious attacks.
20 Claims
1. A computer-readable medium containing instructions which, when executed by one or more processors disposed in an electronic device, performs a method for associating a resource in a computing environment with a honeypot, the method comprising the steps of:
- providing a facility to a user on a host for defining one or more resources for honeypotting;
- associating unique identifiers with respective ones of the honeypotted resources; and
- providing the unique identifiers in notifications to a honeypot monitoring functionality arranged for monitoring usage of the honeypotted resources.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for remotely configuring a honeypot on a local host that is coupled to a monitoring server on a network, the method comprising the steps of:
- defining resources for honeypotting on the local host;
- placing the resources in a honeypot on the local host; and
- providing notifications to a honeypot monitoring functionality on the server that is arranged for monitoring usage of the resources, the notifications uniquely identifying the resources in the honeypot on the local host.
Dependent claims: 12, 13, 14, 15, 16
17. A method for providing monitoring service of a honeypot on a host, the method comprising the steps of:
- configuring one or more monitoring servers for monitoring outbound communications between the host and an external network;
- receiving a notification that identifies a resource that is honeypotted on the host;
- scanning the outbound communications from the host at the monitoring servers to detect usage of the identified honeypotted resource; and
- generating an alert when an outbound communication matches the identified honeypotted resource.
Dependent claims: 18, 19, 20
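As an added illustration (not part of the patent text), the following Python sketch walks through the flow described in claims 1 and 17: a host defines honeypotted resources, each receives a unique identifier that is sent in a notification, and a monitor scans outbound communications and records an alert on a match. The class names, notification fields, and boundary-aware matching are assumptions of this sketch, and all sample values are constructed.

```python
import re
import uuid
from dataclasses import dataclass


@dataclass(frozen=True)
class Notification:
    resource_id: str   # unique identifier associated with the honeypotted resource
    kind: str          # "contact", "ip", ... (labels assumed for this sketch)
    value: str         # content the monitor looks for in outbound traffic


class HostHoneypot:
    """Host side: the user defines resources; each one gets a unique identifier."""

    def __init__(self, notify):
        self._notify = notify          # callable that delivers to the monitor

    def define(self, kind, value):
        rid = str(uuid.uuid4())
        self._notify(Notification(rid, kind, value))
        return rid


class Monitor:
    """Monitoring side: scans outbound communications for honeypotted resources."""

    def __init__(self):
        self._patterns = {}            # resource_id -> (Notification, compiled regex)
        self.alerts = []

    def receive(self, n):
        # Boundary guards stop 192.0.2.5 from matching inside 192.0.2.50.
        rx = re.compile(r"(?<![\w.])" + re.escape(n.value) + r"(?!\.?\w)", re.I)
        self._patterns[n.resource_id] = (n, rx)

    def scan_outbound(self, host, payload):
        text = payload.decode("utf-8", errors="replace")
        hits = [n for n, rx in self._patterns.values() if rx.search(text)]
        for n in hits:
            self.alerts.append({"host": host, "resource_id": n.resource_id, "kind": n.kind})
        return [n.resource_id for n in hits]


if __name__ == "__main__":
    monitor = Monitor()
    host = HostHoneypot(monitor.receive)
    host.define("contact", "bait.contact@example.test")   # constructed fake contact
    host.define("ip", "192.0.2.5")                        # constructed (TEST-NET-1)
    print(monitor.scan_outbound("host-a", b"RCPT TO:<Bait.Contact@example.test>"))
    print(monitor.scan_outbound("host-a", b"GET http://192.0.2.50/ HTTP/1.1"))
```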
Specification