9.9.3 IA² Perspective
In the context of the IA² F LoS, security controls are an IA service; deception
techniques are a subset of security controls. A honeypot and honeypot variations are
IA mechanisms that fall under detection. In the context of the IA operations cycle,
honeypots fall within defend and monitor.
Camouflage plays a role in physical security, disguising individuals, vehicles,
buildings, and munitions. Psychological operations include disinformation.
Prisoner interrogations discern enemy means and methods; supportive intelligence or
supposition provides insight to motive and opportunity. Honeypots and variations
perform the same tasks from a digital perspective. They camouflage real production
operations by presenting a false target to hackers; they may present false
information under the guise of truth. They discern hacker means and methods by recording
hacker activity. Bottom line, digital deception is a useful architectural construct in
corporate and national security solutions.
9.9.4 Commentary
In addition to the honeypot's distractive and monitoring properties, honeypots may
also provide disinformation. As Winston Churchill so eloquently said, “In wartime,
truth is so precious that it must be surrounded by a bodyguard of lies.” If certain
proprietary information, intellectual property, or national secrets are so important
that adversaries resort to espionage, then an opportunity exists to give them what
they are looking for—or at least what they are led to find—a tricky game to say the
least, but an interesting by-product of an already useful tool.
Caveat: As an IA architect, be aware that honeypots set up an attractive target and
may draw intruders. Moreover, there is the potential for the claim of entrapment
if the organization chooses legal recourse against the intruder. Honeypots can be
useful, but are not for every organization.
9.10 Public Key Infrastructure (PKI) and Certificate Authority (CA)
PKI is an infrastructure for the creation, issuance, revocation, and processing of
public and private encryption keys. The purpose is to bind a set of public and private
keys with a person or device for identity and for privacy purposes when exchanging
data. The public key is shared by way of a digital certificate. The private key is given
only to the requesting entity and not made publicly available. The function of the
private key may be to decrypt a message encrypted by the public key. Another
function of the private key is to identify the sender of a message. Because the sender is