Honeypot is a system, which sole purpose is to attract potential intruders and record their activity, to further analyze and investigate security breaches. In practice, a lot of devices can be classified as honeypots. Starting with simple warning systems, such as scripts listening at specific ports and alerting administrators about connection attempts, to more complex solutions, capable of slowing down network attacks or spam and collecting large amount information about unknown types of attack.
How Honeypots Help Increase Data Security
The Honeypot is connected to the computer network. They are generally used to investigate vulnerabilities of your network or operating system. Based on the kind of installation, you can learn security loopholes. They are helpful in learning activities of an intruder who has gained control over the Honeypot.
Honeypots are setup on real servers, real OS accompanied by information that looks authentic to cyber criminals. One of the biggest differences is the machine’s location. They are located distantly from the actual servers. The main purpose of setting up a honeypot is to gather data, capability to log, alert and track every activity of the intruder. Thus, the data can be used against the attacker.
Types Of Honeypots
Honeypots are usually divided in two groups: low interaction and high interaction. Low interaction honeypots primarily emulate system or services and are usually simple in implementation. More complex high interaction honeypots are build on real systems or are using virtualization combined with sophisticated monitoring software and network traffic filtering.
Low-Interaction vs. High-Interaction Honeypots
Low-Interaction honeypots only include services for attract hackers. However, they do not offer complete access of the honeypot server to attackers. They are used for collecting information at higher level.
In contrast, high-interaction honeypots can be entirely hacked. They permit an intruder to gain complete access to systems and utilize them to enable further network attacks. With high-interaction honeypots, security experts can study more about the kinds of attacks that are made against the system.
Also Read : How To Deal With Tech Support Scams?
Benefits Of Using Honeypots
- Gather Real Data
Although honeypots gather a small amount of data but most of the data are a result of real attacks.
- Lessens False Positive
With detection technologies like IPS and IDS, a big chunk of alerts is mostly false warnings. However, with honeypots this rarely occurs.
- Cost Effective
The honeypot technique does not require any high-end equipment. The sole purpose of the system is to interact with hacker, which does not require high-performance. Hence the setup is cost-effective.
- Encryption
Even if the attacker uses any encryption technique, the activity will still be recorded by the honeypot.
- Simple
It is very easy to understand, use and maintain.
Few Issues With Honeypots
Honeypots can never 100% resemble real systems. It creates potential loophole for attackers, allowing them to detect such devices and avoid getting caught. Low interaction systems emulate simple protocol properties, thus potential attacker can identify such system by sending more sophisticated requests. High interaction systems monitor all system activity, using additional processor time, making intensive I/O disk operations and sending data over the network. All that activity creates delays and network traffic and can be detected.
Additionally, high interaction systems build on top of virtualization solutions are easily identifiable. A simple example is Vmware, that assigns MAC addresses to virtual network cards from specific address pool. Detection of virtual system doesn’t mean that system is a honeypot, however it raises the suspicion level, in result an attacker will be more careful and probably check the system for presence of monitoring software.
Conclusion
Popularity of honeypots have pushed the development of detection software. An example of a detection software is Honeypot Hunter. It allows to scan large number of IP addresses for presence of honeypot system and saving a list of systems not serving as honeypots.
Must Read : Why Do Cyber Criminals Want To Hack Your Phone?
Hiding honeypots, and from the other side their detection will always be present in IT security practices. Every new technique stimulates another one. Additionally, since honeypots became a real threat to crackers, botnets and spammers, more and more detection techniques are being developed. The recent deception techniques are based on the honeypot model.
Leave a Reply