Administration Guide

FortiDeceptor Token Package


The FortiDeceptor Token package adds breadcrumbs on real endpoints and servers, and redirects an attacker to engage with a decoy instead of a real asset. Deception tokens are typically distributed within real endpoints and servers on the network to expand the deception surface.

Effective deception lure technology should support the following:

  • Deploy deception lure data and configurations where attackers collect information.
  • The deception lure location must be invisible to end users and must not affect endpoint functionality.
  • The deception lure is accessible with user-level permissions so that attackers can access it early on and be detected, before they need to escalate privileges.

The current FortiDeceptor token packages are:

  • Windows:
    • SMB
    • RDP
    • SSH
    • HoneyDocs
    • Network Connection (static MAC address)
  • Linux:
    • SMB (SAMBA)
    • RDP (xfreerdp)
    • SSH
  • MAC:
    • SMB (SAMBA)
    • RDP (xfreerdp)
    • SSH
  • SAP:
    • SAP

When the FortiDeceptor token package is installed on a real Windows, Linux, or MAC endpoint, it increases the deception surface and redirects an attacker to engage with a decoy instead of a real asset.
