The coming year is set to be a busy one for developers looking to protect assets such as dedicated servers from attack by hackers, as several firms have warned the number of hacking attempts is only set to increase. With this in mind, it’s more important than ever to have defenses in place to protect your servers. But, with attacks becoming more and more sophisticated, basic firewalls may not be enough. As a result, some developers are turning to more unorthodox means of keeping their data safe, with one increasingly common strategy to salt their servers with fake data to frustrate hackers.
Deception
The Washington Post reports many companies are turning to specialists who can plant ‘bait data’ such as bogus username and passwords and phony system configuration files. Anyone who accesses this fake data can be monitored, with their location recorded and tactics analyzed in order to provide companies with better information about how to defend their genuine digital assets. Michael DuBose, a former chief of the US Justice Department’s Computer Crime and Intellectual Property Section who now handles cyber-investigations for Kroll Advisory Solutions, told the news provider this is likely to become a more common strategy as firms look to be more proactive with their security. “Companies are tired of playing defense,” he said. “They want to feel like they actually can fight back. Most of us in the industry agree that we ought to push the envelope to protect the rights and properties of US businesses.”
Legal minefield
However, firms have been warned to be wary of how they use deceptive techniques, as in many jurisdictions there are grey areas regarding what is legally allowed. While tactics such as planting fake data are generally legal, using information gained from this to go on the offensive – such as by using it to disrupt hackers’ own servers – may violate local laws. However, fake data alone can be a highly effective method of dissuading attackers, it was noted. Columbia University computer science professor Salvatore Stolfo told the Washington Post: “If the hackers have to expend a lot of energy and effort figuring out what’s real and what’s not, they’ll go elsewhere.”