1 YEAR UPGRADE
BUYER PROTECTION PLAN
Hack Proofing™ Your E-Commerce Site
The Only Way to Stop a Hacker Is to Think Like One
• Step-by-Step Instructions for Securing Financial Transactions
and Implementing a Secure E-Commerce Site
• Hundreds of Tools & Traps and Damage & Defense Sidebars
and Security Alerts!
• Complete Coverage of How to Hack Your Own Site
Ryan Russell
Teri Bidwell
Oliver Steudler
Robin Walshaw
L. Brent Huston, Technical Editor
From the authors of the best-selling HACK PROOFING™ YOUR NETWORK
[email protected]
With more than 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco
study guides in print, we continue to look for ways we can better serve the
information needs of our readers. One way we do that is by listening.
Readers like yourself have been telling us they want an Internet-based service
that would extend and enhance the value of our books. Based on
reader feedback and our own strategic plan, we have created a Web site
that we hope will exceed your expectations.
[email protected] is an interactive treasure trove of useful information
focusing on our book topics and related technologies. The site
offers the following features:
• One-year warranty against content obsolescence due to vendor
product upgrades. You can access online updates for any affected
chapters.
• “Ask the Author”™ customer query forms that enable you to post
questions to our authors and editors.
• Exclusive monthly mailings in which our experts provide answers to
reader queries and clear explanations of complex material.
• Regularly updated links to sites specially selected by our editors for
readers desiring additional reliable information on key topics.
Best of all, the book you’re now holding is your key to this amazing site.
Just go to www.syngress.com/solutions, and keep this book handy when
you register to verify your purchase.
Thank you for giving us the opportunity to serve your needs. And be sure
to let us know if there’s anything else we can do to help you get the maximum
value from your investment. We’re listening.
Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production
(collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from
the Work.
There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold
AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental
or consequential damages arising out from the Work or its contents. Because some states do not allow
the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not
apply to you.
You should always use reasonable care, including backup and other appropriate precautions, when working
with computers, networks, data, and files.
Syngress Media®, Syngress®, and “Career Advancement Through Skill Enhancement®,” are registered trademarks
of Syngress Media, Inc. “Ask the Author™,” “Ask the Author UPDATE™,” “Mission Critical™,” and “Hack
Proofing™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are
trademarks or service marks of their respective companies.
PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Hack Proofing Your E-Commerce Site
Copyright © 2001 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America.
Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed
in any form or by any means, or stored in a database or retrieval system, without the prior written
permission of the publisher, with the exception that the program listings may be entered, stored, and executed
in a computer system, but they may not be reproduced for publication.
ISBN: 1-928994-27-X
Technical edit by: L. Brent Huston
Technical review by: Kevin Ziese
Co-Publisher: Richard Kristof
Developmental Editor: Kate Glennon
Acquisitions Editor: Catherine B. Nolan
Copy edit by: Darren Meiss and Beth A. Roberts
Freelance Editorial Manager: Maribeth Corona-Evans
Index by: Robert Saigh
Page Layout and Art by: Shannon Tozier
Distributed by Publishers Group West in the United States.
Acknowledgments
We would like to acknowledge the following people for their kindness and support
in making this book possible.
Richard Kristof and Duncan Anderson of Global Knowledge, for their generous
access to the IT industry’s best courses, instructors and training facilities.
Ralph Troupe, Rhonda St. John, and the team at Callisma for their invaluable insight
into the challenges of designing, deploying and supporting world-class enterprise
networks.
Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Bill
Richter, Kevin Votel, and Brittin Clark of Publishers Group West for sharing their
incredible marketing experience and expertise.
Mary Ging, Caroline Hird, Simon Beale, Caroline Wheeler, Victoria Fuller, Jonathan
Bunkell, and Klaus Beran of Harcourt International for making certain that our
vision remains worldwide in scope.
Anneke Baeten, Annabel Dent, and Laurie Giles of Harcourt Australia for all
their help.
David Buckland, Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim,
Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with
which they receive our books.
Kwon Sung June at Acorn Publishing for his support.
Ethan Atkin at Cranbury International for his help in expanding the Syngress
program.
Joe Pisco, Helen Moyer, and the great folks at InterCity Press for all their help.
Contributors
Ryan Russell (CCNA, CCNP) is the best-selling author of Hack
Proofing Your Network: Internet Tradecraft (ISBN: 1-928994-15-6). He is MIS
Manager at SecurityFocus.com, has served as an expert witness on security
topics, and has done internal security investigation for a major software
vendor. Ryan has been working in the IT field for over 11 years, the
last 6 of which have been spent primarily in information security. He has
been an active participant in various security mailing lists, such as
BugTraq, for years. Ryan has contributed to four Syngress titles on the
topic of networking. He holds a Bachelors of Science degree in
Computer Science. Ryan wishes to thank Karen Mathews at the U.S.
Department of Energy for her assistance in preparing Chapter 10.
Mark S. Merkow (CCP) has been an Information Systems professional
since 1975, working in a variety of industries. For the last 12 years he has
been working for a Fortune 50 financial services company in Phoenix,
AZ. Mark holds a Masters in Decision and Information Systems from
Arizona State University’s College of Business and is completing his
Masters of Education in Educational Technology at ASU’s College of
Education, specializing in developing distance learning courses. Today he
serves as an e-commerce Security Advisor working with both internal
and external Web designers and developers. Mark has authored or co-authored
six books on computer technology since 1990, including
Breaking Through Technical Jargon, Building SET Applications for Secure
Transactions, Thin Clients Clearly Explained, Virtual Private Networks For
Dummies, A Complete Guide to Internet Security, and The ePrivacy Imperative.
In addition, Mark is a computer columnist for several local, national, and
international print publications, along with an e-zine hosted
at Internet.com.
Robin Walshaw (MCSE, DPM), author of Mission Critical Windows
2000 Server Administration (ISBN: 1-928994-16-4), is an independent
consultant who architects security and infrastructure solutions for large
corporations around the globe. By applying a combination of sound business
sense and technical insight, Robin is able to design and deliver scalable
solutions targeted at enabling the enterprise to effectively leverage
technology. With a flair for developing strategic IT solutions for diverse
clients, he has worked in the world of computers in 8 countries, and has
traveled to over 30 in the last 10 years. A veteran of numerous global projects,
Robin has honed his skills across a wide variety of businesses, platforms,
and technologies. He has managed to scratch his head and look
slightly confused in the world of security, network operating systems,
development, and research.
Having traversed the globe and seen its many beautiful wonders,
Robin is still captivated by the one thing that leaves him breathless—
Natalie, his wife. She is a light against the darkness, a beauty whose smile
can melt even the coldest heart.
Teri Bidwell (GCIA) has been involved in Internet security for over 10
years as an analyst, engineer, and administrator and is a SANS-Certified
GCIA Intrusion Analyst. Her career began securing Unix networks at the
University of Colorado and continued as a Cisco network engineer and
DNS manager for Sybase, Inc. Today, Teri is a security analyst for a firm
headquartered in Reston, VA. She is a key contributor to corporate security
strategy and is an advisor for e-business development. Her specialties
include policy creation, vulnerability assessment, penetration testing, and
intrusion detection for corporate environments.
Teri received a Computer Science degree from the University of
Colorado and sits on the SANS GCIA Advisory Board. She currently
lives and works in Boulder, CO with her family, Clint, Wes, and Michael.
Michael Cross (MCSE, MCP+I, CNA) is a Microsoft Certified System
Engineer, Microsoft Certified Product Specialist, Microsoft Certified
Professional + Internet, and a Certified Novell Administrator. Michael is
the Network Administrator, Internet Specialist, and a Programmer for the
Niagara Regional Police Service. He is responsible for network security
and administration, programming applications, and is Webmaster of their
Web site at www.nrps.com. He has consulted and assisted in computer-related/Internet
criminal cases, and is part of an Information Technology
team that provides support to a user base of over 800 civilian and uniform
users. His theory is that when the users carry guns, you tend to be more
motivated in solving their problems.
Michael owns KnightWare, a company that provides consulting, programming,
networking, Web page design, computer training, and other
services. He has served as an instructor for private colleges and technical
schools in London, Ontario Canada. He has been a freelance writer for
several years and has been published over two dozen times in books and
anthologies. Michael currently resides in St. Catharines, Ontario Canada
with his lovely fiancée Jennifer.
Oliver Steudler (CCNP, CCDP, CSE, CNE) is a Senior Systems
Engineer at iFusion Networks in Cape Town, South Africa. Oliver specializes
in routing, switching, and security and has over 10 years of experience
in consulting, designing, implementing, and troubleshooting
complex networks. He has written articles on TCP/IP, networking, security,
and data communications and also co-authored another Syngress title,
Managing Cisco Network Security (ISBN: 1-928994-17-2).
Kevin Ziese is a computer scientist at Cisco Systems, Inc. Prior to
joining Cisco, he was a senior scientist and founder of the Wheelgroup
Corporation, which was acquired by Cisco Systems in April of
1998. Before founding the Wheelgroup Corporation, he was Chief of the
Advanced Countermeasures Cell at the Air Force Information Warfare
Center.
Technical Editor and Contributor
L. Brent Huston earned his Associate of Applied Science degree in
Electronics at DeVry Technical Institute (Columbus, Ohio) in 1994. He
has more than 10 years of experience in IT, mostly in the areas of cyber
security testing, network monitoring, scanning protocols, firewalls, viruses
and virus prevention formats, security patches, and hacker techniques. As
President and CEO of his own information security company,
MicroSolved, Inc., he and his staff have performed system and network
security-consulting services for Fortune 500 companies and all levels of
governmental facilities. He is well versed in the use and implementation
of all the major security tools and appliances. In the past, Brent developed
“Passys”—a passive intrusion detection system for Unix and has also identified
previously unknown security vulnerabilities in Ascom routers,
Windows NT, and Linux operating systems.
Brent is an accomplished computer and information security speaker
and has published numerous white papers on security-related topics.
Recently he was involved in the laboratory testing of major firewall appliances
at his company’s central Ohio facilities. This testing was to prove the
worthiness of each appliance as well as possible vulnerabilities that had
not as yet been established by their parent companies. He reported his
results both to the individual product companies and at a national security
industry presentation. Brent is also currently engaged with the Office of
Independent Oversight and Performance Assurance in Columbus, OH.
He was responsible for designing and implementing a state-of-the-art
cyber security testing and research lab for this office and several DOE
national laboratories have utilized his expertise to perform network penetration
and detection services. Such services have required a high security
clearance from Brent. Brent is an Internet Security Systems Certified
Engineer, Sidewinder Firewall Certified Administrator, IBM Secure
Network Gateway Certified Administrator, and Phoenix Firewall
Certified Administrator.
Contents

Foreword

Chapter 1 Applying Security Principles to Your E-Business
Introduction
Security as a Foundation
Confidentiality
Integrity
Availability
Presenting Security As More Than a Buzzword
The Goals of Security in E-Commerce
Planning with Security in Mind
Security during the Development Phase
Implementing Secure Solutions
Managing and Maintaining Systems in a Secure Environment
Applying Principles to Existing Sites
It All Starts with Risk
Fix the Highest Risks First
Management and Maintenance during the Patching Process
Impact of Patching on Production Systems
The Never-Ending Cycle of Change
Developing a Migration Plan
How to Justify a Security Budget
The Yardstick Approach
A Yardstick Approach Case Study
Possible Results of Failure
The Fear Tactic Approach
A Fear Tactic Approach Case Study
Possible Results of Failure
Security as a Restriction
Security as an Enabler
Summary
Solutions Fast Track
Frequently Asked Questions

Understand the Goals of Security in the Commerce Process
• Protect the privacy of the consumer at the point of purchase.
• Protect the privacy of the customers’ information while it is stored or processed.
• Protect the confidential identity of customers, vendors, and employees.
• Protect the company from waste, fraud, and abuse.
• Protect the information assets of the company from discovery and disclosure.
• Preserve the integrity of the organization’s information assets.
• Ensure the availability of systems and processes required for consumers to do business with the company.
• Ensure the availability of systems and processes required for the company to do business with its vendors and partners.

Chapter 2 DDoS Attacks: Intent, Tools, and Defense
Introduction
What Is a DDoS Attack?
Laying the Groundwork: DoS
Resource Consumption Attacks
Malformed Packet Attacks
Anatomy of a DDoS attack
The Attacks of February 2000
Why Are E-Commerce Sites Prime Targets for DDoS?
A Growing Problem
How the Media Feeds the Cycle
What Motivates an Attacker to Damage Companies?
Ethical Hacking: A Contradiction in Terms?
Hacktivism
Fifteen Minutes of Fame
Hell Hath No Fury Like a Hacker Scorned
Show Me the Money!
Malicious Intent
What Are Some of the Tools Attackers Use to Perform DDoS Attacks?
Trinoo
Understanding How Trinoo Works
TFN2K: The Portable Monster
Understanding How TFN2K Works
Stacheldraht—A Barbed-Wire Offensive
Understanding How Stacheldraht Works
More DDoS Families
How Can I Protect My Site against These Types of Attacks?
Basic Protection Methods
Using Egress Rules to Be a Better “Net Neighbor”
Defending against the SYN’s of the Internet
Methods for Locating and Removing Zombies
Summary
Solutions Fast Track
Frequently Asked Questions

Damage & Defense Sidebars Provide You with Additional Information on Minimizing Risk
Damage & Defense… Configuration Management
One method of instigating a DoS is by altering the configuration of key devices such as routers and servers. Routing tables, registry databases, and UNIX configuration files are just a few of the potential configuration databases that can be used against a business. It goes without saying, then, that all Internet-facing devices should undergo strict change control procedures and that a backup of the last known good configuration should be available on

Chapter 3 Secure Web Site Design
Introduction
Choosing a Web Server
Web Server versus Web Service
Factoring in Web Servers’ Cost and Supported Operating Systems
Comparing Web Servers’ Security Features
Authentication
Using CGI Applications
Security Features Side By Side
The Basics of Secure Site Design
Creating a Security Plan
Protecting against Internal Threats
Adding Security Tiers beyond the Web Server
Apache versus Internet Information Services
Installation: The First Step
Installing and Configuring Apache
Installing and Configuring Internet Information Server 5.0
Windows 2000 Server and Internet Information Server 5.0 Security
Hardening the Server Software
Install Patches
Disable Unneeded Ports, Services, and Components
Delete Unneeded Scripts and Files
Hardening the Overall System
Password Hacking and Analysis Tools
Web Design Issues Dealing with HTML Code
Information in HTML Code
Using Server Side Includes (SSI) in HTML Code
Guidelines for Java, JavaScript, and Active X
Understanding Java, JavaScript, and ActiveX—and the Problems They May Cause
Preventing Problems with Java, JavaScript, and ActiveX
Programming Secure Scripts
Code Signing: Solution or More Problems?
Understanding Code Signing
The Strengths of Code Signing
Problems with the Code Signing Process
Should I Outsource the Design of My Site?
Understanding the Required Skills
Pros and Cons of Outsourcing Design Work
Workload
Security
Contracts and Cost
No Matter Who Designs It, Double-Check before You Implement It
Summary
Solutions Fast Track
Frequently Asked Questions

Know What You May Be Giving Away in Your HTML Code
Each hidden tag can be used with forms on your site and includes a name and a value. When the form is submitted, the name and value in the hidden field is included with the results. For example, the following line of code shows an input value of $100.00 associated with a variable called "cost."
Using a text editor or HTML editing program, a hacker could alter the value so that the value is changed to a lower amount. For example, the $100.00 could be changed to $1.00. This would allow buyers to purchase products at a significantly reduced amount.

Chapter 4 Designing and Implementing Security Policies
Introduction
Why Are Security Policies Important to an E-Commerce Site?
What Is a Security Policy?
Value versus Risk
Security versus Services Provided
Cost of Security versus Cost of Not Having Security
Where Do I Begin?
What Elements Should My Security Policy Address?
Confidentiality and Personal Privacy Policies
Requirements for Authentication
Requirements for Protecting Customer Information
Privacy Policies
Information Integrity Policies
Quality Assurance Policies
Assuring Information Integrity through Technology
Availability of Service Policies
Are Prewritten Security Policies Available on the Net?
All Organizations Are Different—and So Are Their Policies
Example Policies and Frameworks
A Word about the Outsourcing of Policy Development
How Do I Use My Security Policy to Implement Technical Solutions?
How Do I Inform My Clients of My Security Policies?
Building Customer Confidence through Disclosure
Security as a Selling Point
Summary
Solutions Fast Track
Frequently Asked Questions

Learn How to Produce a Security Policy
[Figure: flowchart of the policy development process, with boxes labeled New Security Issue, Identify Key Stakeholders, Policy Review, Procedure Review, Conduct Research, Workshop, Baseline Policy, Solicit Feedback, Edit Draft Policy, Proposed Policy Draft, Legal Review, Final Policy Draft, Executive Approval, Publication, and End User Training]

Chapter 5 Implementing a Secure E-Commerce Web Site
Introduction
Introduction to E-Commerce Site Components
Implementing Security Zones
Introducing the Demilitarized Zone
Multiple Needs Equals Multiple Zones
Problems with Multi-Zone Networks
Understanding Firewalls
Exploring Your Firewall Options
Designing Your Firewall Rule Set
It Starts with a “Deny All” Attitude
Common Ports for Common Communications
Converting Pseudo-Code to Firewall Rules
Protocols and Risks: Making Good Decisions
How Do I Know Where to Place My Components?
Profiling Systems by Risk
Establishing Risk Control Requirements
Creating Security Zones through Requirement Grouping
Implementing Intrusion Detection
What Is Intrusion Detection?
Your Choices in Intrusion Detection
Network-Based IDS
Host-Based IDS
Example of a Network-Based IDS
Example of a Host-Based IDS
Managing and Monitoring the Systems
What Kind of Management Tasks Can I Expect to Perform?
What Kinds of Monitoring Should I Be Performing?
Basic System Monitoring
Monitoring Your Security Devices
Log File Management
Should I Do It Myself or Outsource My Site?
Pros and Cons of Outsourcing Your Site
Co-Location: One Possible Solution
Selecting an Outsource Partner or ASP
Summary
Solutions Fast Track
Frequently Asked Questions

Chapter 5 Answers All Your Questions About Implementing a Secure Site
Q: How do I know if I am logging too much or too little information on my systems?
A: Log the information you feel that you need to make good decisions. If you have problems sifting through the logs to locate issues and you have had proper training, then you need to eliminate the log entries that you do not use to make decisions or keep those log entries and use an automated tool to select only the entries you are interested in. You are logging too little information if you do not have a picture of your systems’ operations and your users’ behaviors.

Chapter 6 Securing Financial Transactions
Introduction
Understanding Internet-Based Payment Card Systems
Credit, Charge, or Debit Cards: What Are the Differences?
Point-of-Sale Processing
Differences That Charge Cards Bring into the Picture
Capture and Settlement
Steps in an Internet-Based Payment Card Transaction
Toxic Data Lives Everywhere!
Approaches to Payments via the Internet
Options in Commercial Payment Solutions
Commerce Server Providers
Braving In-house Resources
Secure Payment Processing Environments
Additional Server Controls
Controls at the Application Layer
Understanding Cryptography
Methodology
Substitution Method
Transposition Method
Transposition Example
The Role of Keys in Cryptosystems
Symmetric Keys
Asymmetric Keys
Principles of Cryptography
Understanding Hashing
Digesting Data
Digital Certificates
CCITT X.509
Examining E-Commerce Cryptography
Hashing Functions
Block Ciphers
Implementations of PPK Cryptography
The SSL Protocol
Transport Layer Security (TLS)
Pretty Good Privacy (PGP)
S/MIME
Secure Electronic Transactions (SET)
XML Digital Signatures
Virtual POS Implementation
ICVERIFY
Alternative Payment Systems
Smart-Card-Based Solutions
EMV
MONDEX
Visa Cash
The Common Electronic Purse Specification (CEPS)
Proxy Card Payments
PayPal
Amazon Payments
Funny Money
Beenz
Flooz
Summary
Solutions Fast Track
Frequently Asked Questions

Complete Coverage of Third Party Merchants' POS Systems.
ICVERIFY's features include the following:
• Importing credit card transaction data from other PC applications, such as spreadsheets or databases.
• Offline group mode to submit a batch of transactions at one time for authorization.
• Support for Address Verification Systems (AVSs), Retail AVSs, CVV2s, and CVC2s to help reduce fraud due to stolen or fraudulent cards.
• Data import analysis of files for errors before import.

Chapter 7 Hacking Your Own Site
Introduction
Anticipating Various Types of Attacks
Denial of Service Attacks
Information Leakage Attacks
File Access Attacks
Misinformation Attacks
Special File/Database Access Attacks
Elevation of Privileges Attacks
Performing a Risk Analysis on Your Site
Determining Your Assets
Why Attackers Might Threaten Your Site and How to Find Them
Testing Your Own Site for Vulnerabilities
Determining the Test Technique
Researching Your Vulnerabilities
Mapping Out a Web Server
Using Automated Scanning Tools
Hiring a Penetration Testing Team
Summary
Solutions Fast Track
Frequently Asked Questions

Tools & Traps, Security Alerts, and Damage & Defense Sidebars Make Sure You Don’t Miss a Thing:
Tools & Traps…Gauge Your Threat Level with a Honeypot
A honeypot (in an information security context) is a system that is designed to be broken into. Setting up a honeypot will give you an opportunity to study tactics of attackers and possibly pick up a new attack or two along the way. Naturally, the attacker shouldn’t be aware that he has broken into a honeypot, and he should think that he’s gotten into an ordinary machine with no special monitoring. In fact, a honeypot machine typically has extensive monitoring in place around it, either on the machine itself or via the network. In order for the honeypot to be effective, as much information as possible must be collected about the attacker.

Chapter 8 Disaster Recovery Planning: The Best Defense
Introduction
What Is Disaster Recovery Planning?
Structuring a Disaster Recovery Plan
Loss of Data or Trade Secrets