Honeypots are traps designed to detect attempts at unauthorized use of information systems, so that defenders can learn from attacks and further improve computer security.
Traditionally, network security has relied on defensive techniques such as firewalls, intrusion detection systems, and encryption. But the current situation calls for more proactive methods to detect, reject and counter attempts at illegal use of information systems. In such a scenario, using honeypots is a proactive and promising approach to combating network security threats.
- What is a Honeypot
- Why install Honeypots
- How Honeypots Protect Computer Systems
- Benefits of Using Honeypots
What is a Honeypot
In classic computer security, the computer needs to be protected, but with honeypots, security holes are deliberately opened. A honeypot can be defined as a trap designed to detect attempts at unauthorized use of information systems. Honeypots essentially turn the tables for hackers and computer security experts. The main purpose of a honeypot is to detect and learn from attacks, and to use that information to improve security. Honeypots have long been used to track intruders and protect against upcoming threats. There are two types of honeypots:
- Research honeypot. A research honeypot is used to study the tactics and techniques of attackers. It serves as a surveillance post for watching how an attacker works while compromising a system.
- Production honeypot. These are mainly used for detection and to protect organizations. The main purpose of a production honeypot is to help reduce risk in an organization.
Why install Honeypots
The value of a honeypot is measured by the information that can be obtained from it. Monitoring the data that enters and leaves the honeypot allows the user to collect information that is not otherwise available. There are generally two popular reasons for setting up a honeypot:
- Gain understanding
Understand how hackers probe and try to gain access to your systems. The general idea is that by keeping records of the perpetrator's activities, you can better understand the attack methodologies and so better protect your real production systems.
- Gather information
Gather the forensic information needed to apprehend or prosecute hackers. This is the kind of detailed information that law enforcement officials often need in order to prosecute.
How Honeypots Protect Computer Systems
A honeypot is a computer connected to a network. It can be used to check for operating system or network vulnerabilities. Depending on the type of installation, you can examine security holes in general or in particular. It can also be used to monitor the activities of a person who has accessed the honeypot.
Honeypots are usually based on a real server, a real operating system, and data that looks real. One of the main differences is the location of the machine relative to the real servers. The most important task of a honeypot is data collection: the ability to log, alert on, and record whatever an attacker does. The collected information can prove critical against the attacker.
High and low interaction honeypots
High-interaction honeypots can be completely compromised, allowing an adversary to gain full access to the system and use it to launch further network attacks. By using such honeypots, users can learn more about targeted attacks on their systems, or even about internal attacks.
In contrast, low-interaction honeypots only use services that cannot be used to gain full access to the honeypot. They are more limited, but useful for collecting information at a higher level.
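A minimal low-interaction decoy of the kind described above, as an added example (not code from the original article): it offers no real service, only a constructed banner, and records the source address and first bytes of each connection as one JSON line. The port, banner text and field names are assumptions chosen for illustration.

```python
import json
import socket
import threading
from datetime import datetime, timezone

BANNER = b"220 service ready\r\n"  # constructed banner, not a real product string
MAX_CAPTURE = 1024                 # cap on bytes recorded per connection

def record(conn, peer, events):
    """Capture the first bytes a client sends; never parse or execute them."""
    with conn:
        conn.settimeout(3.0)
        try:
            conn.sendall(BANNER)
            data = conn.recv(MAX_CAPTURE)
        except OSError:            # timeout or reset: the contact is still logged
            data = b""
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes_hex": data.hex(),   # hex keeps binary payloads log-safe
    }
    events.append(event)
    print(json.dumps(event), flush=True)  # one JSON line per contact, ready for alerting

def serve(host="127.0.0.1", port=0, max_conns=None, events=None):
    """Listen on an otherwise unused port, where any connection is suspicious."""
    events = [] if events is None else events
    srv = socket.create_server((host, port))
    bound_port = srv.getsockname()[1]

    def loop():
        handled = 0
        with srv:
            while max_conns is None or handled < max_conns:
                conn, peer = srv.accept()
                record(conn, peer, events)
                handled += 1

    thread = threading.Thread(target=loop, daemon=True)
    thread.start()
    return bound_port, events, thread

if __name__ == "__main__":
    port, _, thread = serve(port=2222)  # 2222 is an arbitrary example port
    print(f"decoy listening on 127.0.0.1:{port}")
    thread.join()
```

Because nothing legitimate should ever connect to the decoy port, every logged line is worth reviewing, which is the low-noise property the article attributes to honeypots.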
Benefits of Using Honeypots
- Collecting real data
Although honeypots collect a small amount of data, almost all of this data reflects a real attack or unauthorized activity.
- Reduced false positives
With most detection technologies (IDS, IPS), most alerts are false alerts, whereas with honeypots this is not the case.
- Cost effective
The honeypot simply interacts with malicious activity and does not require high-performance resources.
With a honeypot, it doesn’t matter if the attacker is using encryption; the activity will still be captured.
Honeypots are very easy to understand, deploy, and maintain.
A honeypot is a concept, not a tool that can simply be deployed. You need to know in advance what you intend to learn, so that the honeypot can be customized to suit your specific needs. Sans.org has some useful information if you need to know more about this.