AUTOMATION OF THE USE OF FALSE COMPONENTS IN THE INFORMATION SYSTEM
Abstract
The article considers the applicability of deceptive information systems and their components to building an automated system that deploys and manages a practical implementation of deceptive component technology in order to improve the attack prevention system. The main advantages of the technology and its role in the information security strategy, which determine the specifics and the area of practical application of its means and tools, are outlined. The article considers the fundamentals of the architecture and the features of applying the technology, as well as its limitations. The purpose and objective of using the technology are stated by setting out the key principles of its implementation. In addition, regulatory publications and other recommendations constituting the best practices in the field of its use were analyzed. The concept and architecture of the final automated solution for integration into information systems and security systems are considered, and the functional content of the final solution is described. A distinctive feature of the proposed solution is the use of controlled containerization mechanisms, which provide ample opportunities for scaling the solution and for isolating system components compromised as a result of an intruder's actions. The process of practically implementing the automation system is formulated and described schematically, subsystem by subsystem, in relation to dependent components (such as the suggested document pieces and external tools and systems) and the processing conditions of the operations involved. A model of deployment and operation of a distributed automation system is also provided in the following sequence: setting up a deployment server (including provisioning), deploying a network of false decoy components based on containerization, deploying external baits, and integrating with systems and instances of the information security stack that are external to the solution.
The solution is implemented on the following principle: fake assets and resources of a fictitious environment are deployed in an information technology infrastructure using controls and are intended to be affected by the adversary. The deployed set of subsystem tools was tested using a third-party node with the appropriate tools and scanning scenarios. Recommendations are given for further improvement of the automation system for deploying and managing the tools and measures of deceptive component technology.