Back to Security Pattern Catalog




Minefield


Classification Key : Security Pattern Space

Problem

An attacker who knows how the system works internally has an advantage over someone who has to go through reconnaissance activities. Normally COTS (Commercial off the Shelf) components are used to implement some security mechanism. But the COTS components are available for the attackers to analyze and therefore using them would expose the internal workings of the system to the attackers. How can the internal workings of COTS components be hidden from the attacker ?

Solution

Customize variations in the system to make them different from regular security implementation. Limit the modifications as they do not defeat the purpose itself.

Known Uses

Tripwire for Web pages. The Deception Toolkit.

Source

Kienzle et. al. Repository

Tags

Variation, Attack Prevention


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz