.

CEH question

<<

satish.lx

User avatar

Newbie
Newbie

Posts: 36

Joined: Thu Jun 17, 2010 1:15 pm

Post Mon Jun 21, 2010 6:33 pm

CEH question

QUESTION
Ron has configured his network to provide strong perimeter security. As part of his network architecture,
he has included a host that is fully
exposed to attack. The system is on the public side of the demilitarized zone, unprotected by a firewall or
filtering router. What would you call such a host?

A.Honeypot
B.DMZ host
C.DWZ host
D.Bastion Host


What is the answer of this question ? and why ?
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Mon Jun 21, 2010 7:01 pm

Re: CEH question

edit: I stand corrected, The answer should be D) Bastion Host

There is not enough information to clearly say it is a honeypot, but a system placed in the position described would be a bastion host. Reference wherever this question came from, as their definition of either should give you the proper answer

Ron has configure a network with strong perimeter security and included a system that is exposed to attack.

EC-Council definition of a honeypot:

Honeypots are computers or virtual appliances, setup up as vulnerable systems, designed to detect, deflect, or in some manner counteract attempts by unauthorized individuals to penetrate a network system. This preventive measure is used to learn the language of attackers and other intruders, and to adopt security measures in keeping with their intrusion tools and techniques. The goal of setting up a honeypot is to divert an attack to a softer target and allow that system to be probed, attacked, and potentially exploited. By having honeypots on the network an administrator can gain enormous amounts of information about how a malicious hacker can gain access to systems. Security improvements can occur by knowing the tools that intruders use. This data allows system administrators to build countermeasures against these activities. [1]


It's not a DMZ host, because it's not in the DMZ. It's not a DWZ host, because.. well, what is a DWZ? It's possible that it could be a bastion host (and you could argue that a honeypost is a sub-category of a bastion host) but the question doesn't make reference to the system in question being hardened. It says it is left unprotected and exposed, thus leaving us with a honeypot.

[1] Vol 5. of 5, Secure Network Infrastructures: 3-3 - EC-Council Press
Last edited by venom77 on Wed Jun 23, 2010 3:05 pm, edited 1 time in total.
<<

JollyJokker

Post Wed Jun 23, 2010 10:10 am

Re: CEH question

I would say Bastion Host. The question mentions nothing on making the machine vulnerable to lure attackers, so I would not say it would be a honeypot. A bastion host is supposed to be a hardened system with increased exposure.

ok, I answer from the safe side cos I remember this question (I think it was in Gregg's Prep Exam Guide). I had also answered "honeypot". But it was wrong.

And I agreed. Because other than its exposure, nothing else indicates it being a honeypot. In general, it is a rather misleading question.
<<

geekyone

User avatar

Full Member
Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Wed Jun 23, 2010 1:07 pm

Re: CEH question

I agree the question is very misleading.  On first reading it I agreed with BillV but after a thorough reading I think Hordakk is right and the correct answer is Bastion Host.  Since the question doesn't really say it is designed to lure in attackers (although that could be implied in the "fully exposed" statement).

However having said that I know BillV is heavily involved with EC-Council and the CEH.  I would probably take his answer as more in line with EC-Council thinking.  After all, as anyone who has taken the CISSP will agree with me, it isn't always the right answer it is the answer they want.
CISSP, CEH, GPEN, GCIH, GCFA
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Wed Jun 23, 2010 3:01 pm

Re: CEH question

I agree, it is a goofy question. It's obviously one of the two and there's not enough information to clearly say what it is.

As you've pointed out, you'd expect it to say something about luring in an attack (and thus it'd be a honeypot) or being hardened (bastion host).

You both are probably right. Bastion host is probably a better answer in this case. I jumped too quickly :-[ I just looked for a quick answer in the CEH books I had nearby and couldn't find any reference to a bastion host for some reason, but I did see the quoted stuff about a honeypot. If this came from the Gregg book, then it's most likely from the v4 courseware.
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Thu Jun 24, 2010 4:33 am

Re: CEH question

giving the material provided by EC-council, i would go for honeypot. As far as i can remember, the term bastion host is never mentioned in the course materials, so it would be a weird correct answer giving the above fact? i also trip over the sentence: he has included a host that is fully exposed to attack. this clearly states a honeypot, but additional information like: the behaviour of the server is closely monitored or something.
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net

Return to CEH - Certified Ethical Hacker

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software