HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 53 guests online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow CEH - Certified Ethical Hackerarrow CEH question
EH-Net
May 25, 2012, 09:56:41 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: CEH question  (Read 3414 times)
0 Members and 1 Guest are viewing this topic.
satish.lx
Newbie
*
Offline Offline

Posts: 16


View Profile
« on: June 21, 2010, 06:33:00 PM »
QUESTION
Ron has configured his network to provide strong perimeter security. As part of his network architecture,
he has included a host that is fully
exposed to attack. The system is on the public side of the demilitarized zone, unprotected by a firewall or
filtering router. What would you call such a host?

A.Honeypot
B.DMZ host
C.DWZ host
D.Bastion Host


What is the answer of this question ? and why ?
Logged
BillV
Hero Member
*****
Offline Offline

Posts: 1830


View Profile WWW
« Reply #1 on: June 21, 2010, 07:01:31 PM »
edit: I stand corrected, The answer should be D) Bastion Host

There is not enough information to clearly say it is a honeypot, but a system placed in the position described would be a bastion host. Reference wherever this question came from, as their definition of either should give you the proper answer

Ron has configure a network with strong perimeter security and included a system that is exposed to attack.

EC-Council definition of a honeypot:

Quote
Honeypots are computers or virtual appliances, setup up as vulnerable systems, designed to detect, deflect, or in some manner counteract attempts by unauthorized individuals to penetrate a network system. This preventive measure is used to learn the language of attackers and other intruders, and to adopt security measures in keeping with their intrusion tools and techniques. The goal of setting up a honeypot is to divert an attack to a softer target and allow that system to be probed, attacked, and potentially exploited. By having honeypots on the network an administrator can gain enormous amounts of information about how a malicious hacker can gain access to systems. Security improvements can occur by knowing the tools that intruders use. This data allows system administrators to build countermeasures against these activities. [1]

It's not a DMZ host, because it's not in the DMZ. It's not a DWZ host, because.. well, what is a DWZ? It's possible that it could be a bastion host (and you could argue that a honeypost is a sub-category of a bastion host) but the question doesn't make reference to the system in question being hardened. It says it is left unprotected and exposed, thus leaving us with a honeypot.

[1] Vol 5. of 5, Secure Network Infrastructures: 3-3 - EC-Council Press
« Last Edit: June 23, 2010, 03:05:23 PM by BillV » Logged
h0rdakk
Jr. Member
**
Offline Offline

Posts: 91



View Profile
« Reply #2 on: June 23, 2010, 10:10:58 AM »
I would say Bastion Host. The question mentions nothing on making the machine vulnerable to lure attackers, so I would not say it would be a honeypot. A bastion host is supposed to be a hardened system with increased exposure.

ok, I answer from the safe side cos I remember this question (I think it was in Gregg's Prep Exam Guide). I had also answered "honeypot". But it was wrong.

And I agreed. Because other than its exposure, nothing else indicates it being a honeypot. In general, it is a rather misleading question.

 
Logged
http://h0rdakk.wordpress.com/

“The effort of using machines to mimic the human mind has always struck me as rather silly. I would rather use them to mimic something better.”

-Edsger Dijkstra
geekyone
Full Member
***
Offline Offline

Posts: 177



View Profile
« Reply #3 on: June 23, 2010, 01:07:49 PM »
I agree the question is very misleading.  On first reading it I agreed with BillV but after a thorough reading I think Hordakk is right and the correct answer is Bastion Host.  Since the question doesn't really say it is designed to lure in attackers (although that could be implied in the "fully exposed" statement).

However having said that I know BillV is heavily involved with EC-Council and the CEH.  I would probably take his answer as more in line with EC-Council thinking.  After all, as anyone who has taken the CISSP will agree with me, it isn't always the right answer it is the answer they want.
Logged
CISSP, CEH, GPEN, GCIH, GCFA
BillV
Hero Member
*****
Offline Offline

Posts: 1830


View Profile WWW
« Reply #4 on: June 23, 2010, 03:01:47 PM »
I agree, it is a goofy question. It's obviously one of the two and there's not enough information to clearly say what it is.

As you've pointed out, you'd expect it to say something about luring in an attack (and thus it'd be a honeypot) or being hardened (bastion host).

You both are probably right. Bastion host is probably a better answer in this case. I jumped too quickly Embarrassed I just looked for a quick answer in the CEH books I had nearby and couldn't find any reference to a bastion host for some reason, but I did see the quoted stuff about a honeypot. If this came from the Gregg book, then it's most likely from the v4 courseware.
Logged
j0rDy
Hero Member
*****
Offline Offline

Posts: 578


View Profile
« Reply #5 on: June 24, 2010, 04:33:20 AM »
giving the material provided by EC-council, i would go for honeypot. As far as i can remember, the term bastion host is never mentioned in the course materials, so it would be a weird correct answer giving the above fact? i also trip over the sentence: he has included a host that is fully exposed to attack. this clearly states a honeypot, but additional information like: the behaviour of the server is closely monitored or something.
Logged
ISC2 Associate, CEH, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.088 seconds with 24 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.