Skip to main content

What is Honeypot?

honeypot is a security mechanism that creates a virtual trap to lure attackers. Simply we can say that this is a decoy box residing inside your network demilitarized zone (DMZ), set up by a security professional to trap or aid in locating hackers, or to draw them away from the real target system.

Since this a decoy system , a malicious attacker might try to attack; software on the system can log information about the attacker such as the IP address. This information can be used to try to locate the attacker either during or after the attack.

Honeypots vary based on design and deployment models, but they are all decoys intended to look like legitimate, vulnerable systems to attract cyber criminals.

Type of Honeypot

Production Honeypot : Used by companies and corporations for the purpose of researching the motives hackers as well ass diverting and mitigating the risk of attacks on the overall network.
  • Research Honeypot : Used by nonprofit organizations and institutions for the sole purpose of researching the motives tactics the hacker community fro the targeting different networks.
  • Malware Honeypot : Uses known replications and attack vectors to detect malware.
  • Spam Honeypot : These are used to emulate open mail relays and open proxies. 
  • Database Honeypot : Activities such as SQL injections can often go undetected by firewall, so some organizations use a database honeypot which  can provide honeypot support to create decoy databases.
  • Client Honeypot : Actively seeks out malicious servers that attacks clients, monitoring for suspicious and unexpected modification to the honeypot. 
  • Honeynets : Rather than being a single system, a honeynet is a network that can consist of multiple Honeypots. Honeynets aim to strategically track the methods and motives of an attacker while containing all inbound and outbound traffic.
Types of Honeypot Deployments

There are three types of honeypot deployments that permit threat actors to perform different levels of malicious activity.
  • Pure honeypots : Complete production systems that monitor attacks through bug taps on the link that connects the honeypot to the network. They are unsophisticated.
  • Low-interaction honeypots : Imitate services and systems that frequently attract criminal attention. They offer a method for collecting data from blind attacks such as botnets and worms malware.
  • High-interaction honeypots : Complex setups that behave like real production infrastructure. They don’t restrict the level of activity of a cyber criminal, providing extensive cyber security insights. However, they are higher-maintenance and require expertise and the use of additional technologies like virtual machines to ensure attackers cannot access the real system.
Different types of honeypot can be used to identify different types of threats. Various honeypot definitions are based on the threat type that's addressed. All of them have a place in a thorough and effective cyber security strategy.

Honeypot Open Source Projects.

Cowrie, Hfish, Tpotce, Sshesame, Conpot, Honeytrap, Routeros, Opencanary_web, etc

Comments

Popular Posts

How to install draw.io Desktop Application on Kali Linux?

draw.io is an online diagramming open source web application which can be used as flowchart maker, network diagram software, ER diagram tool, UML diagramand more. It can be freely accessible website of draw.io or official Docker image or Desktop version for macOS, Linux & Windows. This guide includes detailed instructions about Desktop version installation on Kali Linux. Download the .deb build for draw.io sudo apt update sudo apt -y install wget curl curl -s https://api.github.com/repos/jgraph/drawio-desktop/releases/latest | grep browser_download_url | grep '\.deb' | cut -d '"' -f 4 | wget -i - Install with dpkg command sudo apt -f install ./drawio-amd64-*.de When application is installed, launch the application with following command. drawio Now application is ready to use. Click on " Create New Diagram"  to create new project or click on " Open Existing Diagram " to edit. ...

How to install Oracle Virtualbox in Ubuntu?

Introduction VirtualBox is a powerful free tool offered by Oracle for running an operating system on your computer virtually. In this tutorial lets learn how to install VirtualBox on Ubuntu. Installation 1. Open a terminal or press Ctrl + Alt +T 2. Enter the following command to all the packages or dependencies.      sudo apt-get update ( make sure to give the root password) 3. Run the following command to download and install Virtualbox     sudo apt-get install vrtualbox virtualbox-ext-pack That's all! VirtualBox has been successfully installed on your Ubuntu machine, and you can start using it.