The Ethical Hacker Network

satish.lx

Newbie

Offline

Posts: 36

CEH question

« on: June 21, 2010, 06:33:00 PM »

QUESTION
Ron has configured his network to provide strong perimeter security. As part of his network architecture,
he has included a host that is fully
exposed to attack. The system is on the public side of the demilitarized zone, unprotected by a firewall or
filtering router. What would you call such a host?

A.Honeypot
B.DMZ host
C.DWZ host
D.Bastion Host

What is the answer of this question ? and why ?


	Logged

BillV

Hero Member

Offline

Posts: 1892

Re: CEH question

« Reply #1 on: June 21, 2010, 07:01:31 PM »

edit: I stand corrected, The answer should be D) Bastion Host

There is not enough information to clearly say it is a honeypot, but a system placed in the position described would be a bastion host. Reference wherever this question came from, as their definition of either should give you the proper answer

Ron has configure a network with strong perimeter security and included a system that is exposed to attack.

EC-Council definition of a honeypot:

Quote

Honeypots are computers or virtual appliances, setup up as vulnerable systems, designed to detect, deflect, or in some manner counteract attempts by unauthorized individuals to penetrate a network system. This preventive measure is used to learn the language of attackers and other intruders, and to adopt security measures in keeping with their intrusion tools and techniques. The goal of setting up a honeypot is to divert an attack to a softer target and allow that system to be probed, attacked, and potentially exploited. By having honeypots on the network an administrator can gain enormous amounts of information about how a malicious hacker can gain access to systems. Security improvements can occur by knowing the tools that intruders use. This data allows system administrators to build countermeasures against these activities. [1]

It's not a DMZ host, because it's not in the DMZ. It's not a DWZ host, because.. well, what is a DWZ? It's possible that it could be a bastion host (and you could argue that a honeypost is a sub-category of a bastion host) but the question doesn't make reference to the system in question being hardened. It says it is left unprotected and exposed, thus leaving us with a honeypot.

[1] Vol 5. of 5, Secure Network Infrastructures: 3-3 - EC-Council Press


« Last Edit: June 23, 2010, 03:05:23 PM by BillV »	Logged

JollyJokker

Guest

Re: CEH question

« Reply #2 on: June 23, 2010, 10:10:58 AM »

I would say Bastion Host. The question mentions nothing on making the machine vulnerable to lure attackers, so I would not say it would be a honeypot. A bastion host is supposed to be a hardened system with increased exposure.

ok, I answer from the safe side cos I remember this question (I think it was in Gregg's Prep Exam Guide). I had also answered "honeypot". But it was wrong.

And I agreed. Because other than its exposure, nothing else indicates it being a honeypot. In general, it is a rather misleading question.


	Logged

geekyone

Full Member

Offline

Posts: 180

Re: CEH question

« Reply #3 on: June 23, 2010, 01:07:49 PM »

I agree the question is very misleading. On first reading it I agreed with BillV but after a thorough reading I think Hordakk is right and the correct answer is Bastion Host. Since the question doesn't really say it is designed to lure in attackers (although that could be implied in the "fully exposed" statement).

However having said that I know BillV is heavily involved with EC-Council and the CEH. I would probably take his answer as more in line with EC-Council thinking. After all, as anyone who has taken the CISSP will agree with me, it isn't always the right answer it is the answer they want.


	Logged

CISSP, CEH, GPEN, GCIH, GCFA

BillV

Hero Member

Offline

Posts: 1892

Re: CEH question

« Reply #4 on: June 23, 2010, 03:01:47 PM »

I agree, it is a goofy question. It's obviously one of the two and there's not enough information to clearly say what it is.

As you've pointed out, you'd expect it to say something about luring in an attack (and thus it'd be a honeypot) or being hardened (bastion host).

You both are probably right. Bastion host is probably a better answer in this case. I jumped too quickly Embarrassed

I just looked for a quick answer in the CEH books I had nearby and couldn't find any reference to a bastion host for some reason, but I did see the quoted stuff about a honeypot. If this came from the Gregg book, then it's most likely from the v4 courseware.


	Logged

j0rDy

Hero Member

Offline

Posts: 590

Re: CEH question

« Reply #5 on: June 24, 2010, 04:33:20 AM »

giving the material provided by EC-council, i would go for honeypot. As far as i can remember, the term bastion host is never mentioned in the course materials, so it would be a weird correct answer giving the above fact? i also trip over the sentence: he has included a host that is fully exposed to attack. this clearly states a honeypot, but additional information like: the behaviour of the server is closely monitored or something.


	Logged

ISC2 Associate, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net

Pages: [1] Go Up

« previous next »