
SoylentNews is people

posted by janrinok on Wednesday May 08 2019, @10:05PM
from the any-bright-ideas? dept.

Honey pots and canaries are increasingly used. They, especially the latter, can trigger an alarm once particular segments of an infrastructure are breached or come under specific types of attack. However, dedicated honey pots are complex systems and require a lot of setup, maintenance, and monitoring to be of any use and not just liabilities. One way out might be to just scatter some fake SSH keys about the infrastructure and tie them to alarms. The question remains how useful they would be in practice.

The thought behind honey keys is similar to Honeywords, a concept published a while ago to help identify attempts to use data collected in breaches to gain unauthorized access to a user account. In our case, the attacker attempts to authenticate with the honey key, the action is logged (or another action chosen by the defender) and an alarm is sounded for use of the key.

Fortunately, the authorized_keys format permits an rarely[sic] used options field that aids greatly in this attempt.
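
One way to tie a honey key to an alarm through the authorized_keys options field, as an added example that is not from the original article or submission. It assumes the options used are OpenSSH's restrict and command=; the handler path, log tag and function names are hypothetical, and any key material passed in is a constructed placeholder.

```shell
#!/bin/sh
# Added example: honey-key wiring via the authorized_keys options field.
# Function names, handler path and log tag are assumptions for illustration.

# Build the authorized_keys line for a decoy key. "restrict" turns off
# forwarding and PTY allocation; command= forces the alert handler to run
# instead of whatever the client requested.
honeykey_entry() {
    handler=$1 pubkey=$2
    case $handler in
        /*) ;;
        *) echo "handler must be an absolute path" >&2; return 1 ;;
    esac
    case $handler in
        *\"*) echo "handler must not contain double quotes" >&2; return 1 ;;
    esac
    printf 'restrict,command="%s" %s\n' "$handler" "$pubkey"
}

# Format the alert from the environment sshd provides to a forced command.
# SSH_CONNECTION is "client_ip client_port server_ip server_port".
honeykey_message() {
    set -- ${SSH_CONNECTION:-unknown unknown unknown unknown}
    # Drop control characters so the client-supplied command string
    # cannot inject extra lines into the log.
    cmd=$(printf '%s' "${SSH_ORIGINAL_COMMAND:-<interactive>}" | tr -d '\000-\037\177')
    printf 'HONEYKEY USED user=%s src=%s:%s dst=%s:%s cmd=%s' \
        "${USER:-unknown}" "$1" "$2" "$3" "$4" "$cmd"
}

# Body of the forced command: raise the alarm, then end the session
# with a failure status. Nothing else is executed for this key.
honeykey_alert() {
    logger -p auth.alert -t honeykey -- "$(honeykey_message)"
    return 1
}
```

The line printed by honeykey_entry goes into the decoy account's authorized_keys, and the handler script it names sources these functions and calls honeykey_alert. Because the forced command only runs after the key has authenticated, the account behind it should hold nothing of value.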


  • (Score: 0) by Anonymous Coward on Thursday May 09 2019, @02:41PM (#841337)

    'Low' is relative to the investment typically required for honeypots. The only way for low-investment honeypots to not exist is if all honeypot costs are either average or above average; the only way for this to be true is if all honeypots have effectively the same cost, and this isn't the case. Therefore low-investment honeypots exist.