Folders named top secret

434	Domain 3.0 • Infrastructure Security

	an abandoned automobile by the side of the road and watching it to see if anyone attempts to burglarize, vandalize, or steal it. It should also be noted that entrapment only applies to the actions of law enforcement or government personnel. A civilian cannot entrap, regardless of how much pressure is exerted on the target to commit the crime. (However, a civilian could be subject to other charges, such as criminal solicitation or criminal conspiracy, for causing someone else to commit a crime.)

The following characteristics are typical of honeypots or honeynets:

www.syngress.com

Topologies and IDS • Chapter 7 435

or log files of no real significance or value—to attract and hold an attacker’s interest long enough to give a backtrace a chance of identi-fying the attack’s point of origin.

The honeypot technique is best reserved for use when a company or organi-zation employs full-time IT security professionals who can monitor and deal with these lures on a regular basis, or when law enforcement operations seek to target specific suspects in a “virtual sting” operation. In such situations, the risks are sure to be well understood, and proper security precautions, processes, and procedures are far more likely to already be in place (and properly practiced). Nevertheless, for organizations that seek to identify and pursue attackers more proactively, hon-eypots and honeynets can provide valuable tools to aid in such activities.

Although numerous quality resources on honeypots and honeynets are avail-able (try searching on either term at www.searchsecurity.techtarget.com), the fol-lowing resources are particularly valuable for people seeking additional

www.syngress.com