Decoy Server Software

The CyberCop Sting software is a "decoy" server that silently traces and tracks hackers, recording and reporting all intrusive activity to security administrators. The program is an integral component of the CyberCop intrusion protection software family which also includes CyberCop Monitor, a real-time intrusion detection application that monitors critical systems and networks for signs of attack (see related release) and CyberCop Scanner, a network vulnerability scanner. CyberCop Sting addresses the most unfulfilled need in intrusion protection products today by allowing IS managers to silently monitor suspicious activity on their corporate network and identify potential problems before any real data is jeopardized.

The program operates by creating a series of fictitious corporate systems on a specially outfitted server that combines moderate security protection with sophisticated monitoring technology. The product creates a decoy, virtual TCP/IP network on a single server or workstation and can simulate a network containing several different types of network devices, including Windows NT servers, Unix servers and routers. Each virtual network device has a real IP address and can receive and send genuine-looking packets from and to the larger network environment. Each virtual network node can also run simulated daemons, such as finger and FTP, to further emulate the activity of a genuine system and avoid suspicion by would-be intruders. While watching all traffic destined to hosts in its virtual network, the software performs IP fragmentation reassembly and TCP stream reassembly on the packets destined to these hosts, convincing snoopers of the legitimacy of the secret network they've discovered.

Network Associates, 3965 Freedom Circle, Santa Clara, CA 95054 Phone: 408-988-3832 Fax: 408-970-9727