Lance wants to place a honeypot on his network. Which of the following would be your recommendations?
Lance wants to place a honeypot on his network. Which of the following would be your recommendations?
To effectively use a honeypot, it should be placed in the DMZ (demilitarized zone). This area is isolated from the internal network and situated between the external internet and the firewall. Placing the honeypot in this location allows it to attract and detect malicious activity without posing a significant risk to the internal network. This setup provides a safe environment to study attacks and gather valuable information about potential threats originating from the internet.
The answer is C, this is infosec 101 here. Honeypots should *always* be placed in the DMZ.
C is the answer
C makes sense here
C makes sense here
Can anyone shed light on what the heck this means? What replies? The advice a professional would give someone about placing a honeypot on the network is that, "it doesn't matter"... I guess advice is only as good as the price paid for it?
The C does not make sense from a targeted attack standpoint, because if you place the system outside the security perimeter you are gonna get bombarded with automated attacks, bots and all the nasty things in the wild. It makes more sense to place it at least behind the edge firewall protecting you from Martian IPs and common threats. So, if someone bypasses the first layer of security you have the trap setup up there. The most correct answer will be D, not because it makes sense, but because is the only one that holds truth
How current is are the questions? I am writing CHFI next month
Placing a honeypot in the demilitarized zone (DMZ) of your network, which is a semi-isolated area between the internal network and the external internet, can help detect and study attacks originating from the internet. These honeypots are often referred to as "external honeypots." --> Use it on a system in an external DMZ in front of the firewall
In the DMZ, a honeypot can be monitored from a distance while attackers access it, minimizing the risk of the main network being breached. Honeypots may also be put outside the external firewall, facing the internet, to detect attempts to enter the internal network.