Title of invention COMPROMISED INSIDER HONEY POTS USING REVERSE HONEY TOKENS
Abstract According to one embodiment, a method for setting a trap to detect that an intruder has compromised a client end station (CES) in an attempt to gain unauthorized access to enterprise data provided by a server is described. The method includes causing a honey token to be placed on the CES secluded within a configuration repository, wherein the honey token is metadata and/or instructions indicating how applications can seemingly access the enterprise data but that is actually invalid, and the honey token is placed on the CES and not on the server. The method also includes causing attribute values to be installed on a security gateway for a security rule causing the security gateway to monitor network traffic for attempted use of the honey token, and to generate an alert when a set of one or more packets that include the honey token are received.
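Application publication number US2015013006(A1) Application publication date 2015.01.08
Application number US201313934099 Filing date 2013.07.02
Applicant Imperva Inc. Inventors Shulman Amichai;Cherny Michael;Dulce Sagie
Classification number H04L29/06 Main classification number H04L29/06
Agency Agent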
Main claim 1. A method for setting a trap to detect if an intruder has compromised a client end station in an attempt to gain unauthorized access to enterprise data provided by a server executing on a server end station, wherein the client end station comprises a set of one or more user data files storing user data accessed through a set of one or more applications and further comprises a set of one or more configuration repositories storing application configuration data used by the set of applications to configure the operation of the set of applications, the method comprising: causing a honey token to be placed on the client end station secluded within the application configuration data stored in at least one of the set of configuration repositories, wherein the honey token is one or more of metadata and instructions indicating how one or more of the set of applications can seemingly access the enterprise data provided by the server, wherein the honey token is invalid and does not allow access to any of the enterprise data provided by the server, wherein the server is unaware of the honey token, and wherein the honey token is a reverse honey token in that it is placed on the client end station and not on the server; and causing a set of one or more attribute values to be installed on a security gateway implemented in an electronic device and coupled between the client end station and the server, wherein the set of attribute values are to be utilized for a security rule that causes the security gateway to, monitor network traffic for attempted use of the honey token to gain access to the enterprise data provided by the server, and generate an alert when a set of one or more packets that include the honey token are received.
Address Redwood Shores CA US