Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Honeypot Processors: Access Policy Processor

    This processor injects fake permission data into the clientaccesspolicy.xml file of the web application's domain. The fake access policy references a fake service and grants a random domain access to call it. If the service is ever called, or any files are ever requested in the directory the service is supposedly contained in, an incident can be created. Under normal conditions, no user will ever see the clientaccesspolicy.xml file, and therefore be unaware of the URL to the fake service or the directory it resides in. In the cases where a Silverlight object is legitimately requesting clientaccesspolicy.xml from the protected domain in order to access a known service, it will not create an incident, because the service being called is defined with real access directives.

    Table 1: Access Policy Processor Configuration Parameters

    Parameter

    Type

    Default Value

    Description

    Basic

    Processor Enabled

    Boolean

    True

    Whether or not to enable this process for https traffic.

    Advanced

    Fake Service

    String

    Random

    The fake service the user requested.

    Incident: Malicious Service Call

    Boolean

    True

    The user manually entered the URL into the browser and accessed the service that way. They did not call the function.

    Incident: Service Directory Indexing

    Boolean

    True

    The user asked for a file index on the directory that contains the fake service.

    Incident: Service Directory Spider

    Boolean

    True

    The user is issuing requests for resources inside the directory that contains the fake service. Since the directory does not exist, all of these types of requests are unintended and malicious.

    Published: 2015-02-04