主权项 |
1. A method for setting a trap to detect if an intruder has compromised a client end station in an attempt to gain unauthorized access to enterprise data provided by a server executing on a server end station, the method comprising:
causing a honey token to be located on the client end station secluded within a browser local storage, wherein the browser local storage is used by a web browser and has stored therein at least one of a cookie, a proprietary storage format data element, and username and password credentials to be used by the web browser, wherein the honey token includes information that permits the web browser to seemingly access the enterprise data provided by the server, wherein the honey token does not actually allow access to any of the enterprise data provided by the server, wherein the server is unaware of the honey token, and wherein the honey token is a reverse honey token in that it exists on the client end station and not on the server; and causing a set of one or more attribute values to be installed on a security gateway implemented in an electronic device and coupled between the client end station and the server, wherein the set of attribute values are to be utilized for a security rule that causes the security gateway to,
monitor network traffic for attempted use of the honey token to gain access to the enterprise data provided by the server, and generate an alert when a set of one or more packets that include the honey token are received. |