Honeytoken

Honeytokens are fictitious words or records that are added to legitimate databases. They allow administrators to track data in environments where it could not otherwise be tracked, such as cloud-based networks. [1] If data is stolen, honeytokens allow administrators to identify who it was stolen from or how it was leaked. If, for example, medical records are held in three locations, a different fake medical record can be planted as a honeytoken in each location; because each set of records then carries its own distinct honeytoken, the token found in a leaked copy identifies which location it came from. [2]

The uniqueness of honeytokens enables their use in an intrusion-detection system (IDS) as it searches for suspicious activity on a computer network, alerting the system administrator to things that would otherwise go unnoticed. While firewalls can only catch threats that have not yet entered a network, honeytokens can mark threats that have slipped past a firewall. [3] Honeytokens can also be read by a reactive security mechanism to intercept malicious activity, for example by dropping packets at the router if they contain the honeytoken. Such mechanisms have pitfalls, however: if a honeytoken is poorly chosen so that it appears by chance in legitimate network traffic, those legitimate packets will be dropped too.
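The following is an added illustration (not part of the original article) of both points above: deriving a distinct honeytoken per storage location so that a leaked copy can be attributed, scanning event lines for tokens, and screening a candidate token against known-legitimate traffic so that a reactive blocker does not drop good packets. The location names, secret and log lines are constructed sample data.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed sample: three storage locations for the same kind of record.
LOCATIONS = ["clinic-a", "clinic-b", "clinic-c"]


def make_honeytoken(secret: bytes, location: str) -> str:
    """Derive a unique, unguessable fake patient ID for one location.
    HMAC makes tokens reproducible from the secret yet unrelated to each other,
    and the hex form is unlikely to collide with real words in traffic."""
    tag = hmac.new(secret, location.encode(), hashlib.sha256).hexdigest()[:12]
    return f"PAT-{tag.upper()}"


def build_registry(secret: bytes) -> Dict[str, str]:
    """Map each honeytoken to the location it was planted in.
    The registry is kept out of band, never inside the monitored store."""
    return {make_honeytoken(secret, loc): loc for loc in LOCATIONS}


def attribute_leak(leaked_text: str, registry: Dict[str, str]) -> List[str]:
    """Return the locations whose honeytoken appears in a leaked dump."""
    return sorted({loc for tok, loc in registry.items() if tok in leaked_text})


def scan_events(events: List[str], registry: Dict[str, str]) -> List[Tuple[int, str]]:
    """Flag event lines (query or proxy logs) that reference a honeytoken.
    Returns (1-based line number, planted location) for each hit."""
    return [(n, loc) for n, line in enumerate(events, 1)
            for tok, loc in registry.items() if tok in line]


def safe_to_deploy(token: str, baseline_traffic: List[str]) -> bool:
    """Reject a candidate token that already occurs in known-legitimate traffic;
    a reactive blocker keyed on such a token would drop legitimate packets."""
    return not any(token in line for line in baseline_traffic)


if __name__ == "__main__":
    registry = build_registry(b"constructed-demo-secret")
    token_b = make_honeytoken(b"constructed-demo-secret", "clinic-b")
    events = ["SELECT * FROM patients WHERE id='PAT-000001'",
              f"POST /export body={token_b},Jane Doe"]
    print(attribute_leak(events[1], registry))  # ['clinic-b']
    print(scan_events(events, registry))         # [(2, 'clinic-b')]
    print(safe_to_deploy("admin", ["GET /admin/login"]))  # False
```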

In the field of computer security, honeytokens are honeypots that are not computer systems. Their value lies not in their use, but in their abuse. As such, they are a generalization of such ideas as the honeypot and the canary values often used in stack protection schemes. Honeytokens do not necessarily prevent tampering with the data, but instead give the administrator a further measure of confidence in the data integrity.

The term was first coined by Augusto Paes de Barros in 2003. [4] [5]

Uses

Honeytokens can exist in many forms, from a fake account to a database entry that would only be selected by malicious queries. A particular example of a honeytoken is a fake email address inserted into a mailing list to track whether the list has been stolen. [6] [7]

References

  1. "Honeytokens and honeypots for web ID and IH".
  2. White Paper: "Honeypot, Honeynet, Honeytoken: Terminological issues".
  3. Abdel-Basset, Mohamed; Gamal, Abduallah; Sallam, Karam M.; Elgendi, Ibrahim; Munasinghe, Kumudu; Jamalipour, Abbas (2022). "An Optimization Model for Appraising Intrusion-Detection Systems for Network Security Communications: Applications, Challenges, and Solutions". Sensors. 22 (11): 4123. Bibcode:2022Senso..22.4123A. doi:10.3390/s22114123. ISSN 1424-8220. PMC 9185350. PMID 35684744.
  4. "DLP and honeytokens".
  5. "IDS: RES: Protocol Anomaly Detection IDS – Honeypots".
  6. "Has my mailing list been stolen?". Plynt Security Testing Learning Center.
  7. "Why Honeytokens Are the Future of Intrusion Detection". The Hacker News. Retrieved 2023-08-16.