| 摘要 |
A method for improving security of computer resources, the method comprising providing access 200 to a reference database storing information on resources (e.g. email servers, domain controllers) which trusted computer processes need from a configuration database (e.g. Active Directory). The configuration database stores information on resources in a computer system. A first computer process detects 202 a request for a resource stored in the configuration database. The first process determines 204 whether the second, requesting computer process is known to need access to the requested resource. If it is not, then the second process is exhibiting suspicious behaviour, and the first process causes transmission 206 of a response to the request which appears to the second process to include the requested resource, but which actually comprises a resource indicator (e.g. fake information) which directs the second process to access an environment monitored by an anti-malware program (e.g. a honeypot). |
