The Trap Door

  • Use to hide pathways into sensitive networks
  • Deploy in front of current IDS/IPS
  • Populate unused IP address space
  • Divert malicious traffic to honeynet, leaving authorized traffic undisturbed

The Trap Door involves deploying the Q5 in the “wild,” so to speak, on the DMZ network or in front of current intrusion detection/prevention systems. The Trap Door strategy is particularly valuable in environments with highly sensitive networks that have access to the public Internet but contain data not meant for public consumption.

By populating unused IP address space with decoys, a system of “trap doors” can be built. The idea is to provide false network paths into what appears to be a production environment. Since attackers typically do not know the specific addresses of production assets, when they randomly scan the network address space, they will most likely be knocking on a trap door that will obligingly deliver them to the Q5’s honeynet. This helps divert malicious traffic, while allowing authorized traffic on the network to proceed undisturbed (since authorized traffic will know which addresses and ports to speak with).
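The following added example (not from the original page or the Q5 product) works through the reasoning above: it counts how much of a subnet becomes trap doors, and triages flow records so that any source touching a decoy is flagged along with its contacts to real assets. The subnet, production addresses and flow records are constructed sample values, and it assumes every unused host address is populated with a decoy.

```python
import ipaddress
from collections import defaultdict

# Constructed sample values (assumptions; none come from the original page).
DMZ = ipaddress.ip_network("192.0.2.0/24")
PRODUCTION = {ipaddress.ip_address(a)
              for a in ("192.0.2.10", "192.0.2.25", "192.0.2.80")}
FLOWS = [  # (source, destination, destination port)
    ("198.51.100.7", "192.0.2.10", 443),
    ("203.0.113.50", "192.0.2.11", 22),
    ("203.0.113.50", "192.0.2.12", 22),
    ("203.0.113.50", "192.0.2.25", 22),
    ("198.51.100.9", "192.0.2.80", 25),
]

def decoy_addresses(net, production):
    """Usable host addresses in net that no production asset occupies."""
    return {h for h in net.hosts() if h not in production}

def decoy_hit_probability(net, production):
    """Chance that one uniformly random probe of net lands on a decoy."""
    hosts = list(net.hosts())
    return len(decoy_addresses(net, production)) / len(hosts)

def triage(flows, net, production):
    """Group decoy hits by source, then list production contacts by those sources."""
    decoys = decoy_addresses(net, production)
    hits = defaultdict(list)
    for src, dst, port in flows:
        if ipaddress.ip_address(dst) in decoys:
            hits[src].append((dst, port))
    # Authorized clients never address a decoy, so a single hit taints the source;
    # anything that source also sent to a real asset deserves review.
    review = [(s, d, p) for s, d, p in flows
              if s in hits and ipaddress.ip_address(d) in production]
    return dict(hits), review

if __name__ == "__main__":
    print(f"decoy hit probability: {decoy_hit_probability(DMZ, PRODUCTION):.3f}")
    hits, review = triage(FLOWS, DMZ, PRODUCTION)
    print("sources that touched decoys:", hits)
    print("their production contacts to review:", review)
```

With 3 production hosts in a /24, 251 of the 254 usable addresses are trap doors, so a blind probe almost always lands on one, while the two sources that only addressed production hosts are never flagged.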