Visible to the public Biblio

Filters: Keyword is deception based information security  [Clear All Filters]
2020-05-15
Fraunholz, Daniel, Schotten, Hans D..  2018.  Defending Web Servers with Feints, Distraction and Obfuscation. 2018 International Conference on Computing, Networking and Communications (ICNC). :21—25.

In this paper we investigate deceptive defense strategies for web servers. Web servers are widely exploited resources in the modern cyber threat landscape. Often these servers are exposed in the Internet and accessible for a broad range of valid as well as malicious users. Common security strategies like firewalls are not sufficient to protect web servers. Deception based Information Security enables a large set of counter measures to decrease the efficiency of intrusions. In this work we depict several techniques out of the reconnaissance process of an attacker. We match these with deceptive counter measures. All proposed measures are implemented in an experimental web server with deceptive counter measure abilities. We also conducted an experiment with honeytokens and evaluated delay strategies against automated scanner tools.