Deception is not reserved only for the attackers. Defenders can play the deceptive game too, and it can be game changing! Here are some abstractions that are useful to consider during deception planning
Nonessential elements of deceptive information (NEDI): Fictional information that is to be hidden.
Information we can share with attackers, but not too obvious, we don’t want the deception to be understood as deceitful.
- Fake emails injected into users inboxes containing NEDI
- Password files on file shares that contains credentials to notional systems
Nonessential elements of friendly information (NEFI): Truths that are to be revealed.
This is information we want to share, truths that can strengthen our position, affirm an attackers understanding, or otherwise support the stance we want our adversary to continue believing. Make them verifiable by the attacker.
- Network information which is true, but not sensitive
- Disclosure of real files and information
Essential elements of deceptive information (EEDI): Fictional information that is to be revealed to adversary.
The traps, lures and fiction presented to attackers, hoping to deceive and influence decision making and actions of the adversary. These are our falsehoods.
- Notional systems, users, files and honey pots, etc..
- Modified network traffic revealing lures
Essential elements of friendly information (EEFI): Truths that are to be hidden.
These are our strengths, weaknesses and other information we do not want our adversary to take advantage of, exploit or otherwise reveal. Examples include:
- Network diagrams of important networks
- Credentials to real users and systems
- Defensive capabilities which should not be evaded