A honeypot is a security mechanism that creates a virtual trap to lure attackers. Simply we can say that this is a decoy box residing inside your network demilitarized zone (DMZ), set up by a security professional to trap or aid in locating hackers, or to draw them away from the real target system.
Since this a decoy system , a malicious attacker might try to attack; software on the system can log information about the attacker such as the IP address. This information can be used to try to locate the attacker either during or after the attack.
Honeypots vary based on design and deployment models, but they are all decoys intended to look like legitimate, vulnerable systems to attract cyber criminals.
Type of Honeypot
Production Honeypot : Used by companies and corporations for the purpose of researching the motives hackers as well ass diverting and mitigating the risk of attacks on the overall network.
- Research Honeypot : Used by nonprofit organizations and institutions for the sole purpose of researching the motives tactics the hacker community fro the targeting different networks.
- Malware Honeypot : Uses known replications and attack vectors to detect malware.
- Spam Honeypot : These are used to emulate open mail relays and open proxies.
- Database Honeypot : Activities such as SQL injections can often go undetected by firewall, so some organizations use a database honeypot which can provide honeypot support to create decoy databases.
- Client Honeypot : Actively seeks out malicious servers that attacks clients, monitoring for suspicious and unexpected modification to the honeypot.
- Honeynets : Rather than being a single system, a honeynet is a network that can consist of multiple Honeypots. Honeynets aim to strategically track the methods and motives of an attacker while containing all inbound and outbound traffic.
Types of Honeypot Deployments
There are three types of honeypot deployments that permit threat actors to perform different levels of malicious activity.
- Pure honeypots : Complete production systems that monitor attacks through bug taps on the link that connects the honeypot to the network. They are unsophisticated.
- Low-interaction honeypots : Imitate services and systems that frequently attract criminal attention. They offer a method for collecting data from blind attacks such as botnets and worms malware.
- High-interaction honeypots : Complex setups that behave like real production infrastructure. They don’t restrict the level of activity of a cyber criminal, providing extensive cyber security insights. However, they are higher-maintenance and require expertise and the use of additional technologies like virtual machines to ensure attackers cannot access the real system.
Different types of honeypot can be used to identify different types of threats. Various honeypot definitions are based on the threat type that's addressed. All of them have a place in a thorough and effective cyber security strategy.
Honeypot Open Source Projects.
Cowrie, Hfish, Tpotce, Sshesame, Conpot, Honeytrap, Routeros, Opencanary_web, etc

Comments
Post a Comment