Response
Okay, let’s say one of your honeypots detects an attack and sends out an alert. Now what? How does your organization respond? Who is supposed to do what? There are a variety of options you can take. You can sit back and let the attacker proceed, gaining as much information as possible. You can quickly react, attempting to track down the blackhat. You can immediately shut her out at the firewall, protecting your resources. There are numerous different ways your organization can react. It is critical that how you react is decided ahead of time. This ensures that the reaction process happens quickly and properly. The faster you respond to an alert, the greater the honeypot’s value. However, a fast but incorrect response can cause more ...
Get Honeypots: Tracking Hackers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
