NF Post 10 :Honeypot

2001586155sefira/ January 2, 2019/ Uncategorized/ 0 comments

If you ever wander how the to capture network attackers, then knowing about honeypot is a good thing. In computing, honeypot is a real or simulated system designed to attract attacks on itself. So basically, honeypot is a network system that act as a decoy to lure cyber attackers, detect, deflect or study hacking attempts. Honeypot rose in popularity back in late 1990s and early 2000s when the wide spreading of worms happened.

How do honeypot works? For example, an IT security for a bank might set a honeypot system that looks like a bank’s network for outsiders. By monitoring traffic to that system, one can have a better understanding of where cyber criminals are coming from, how they operate, and what they want. Aside from that, one can also determine which security feature needs an improvement.

Another example is deception technology, a quite new advancement use of honeypots. Deception technology is one of the most current approach to stop advance attacks. Like honeypot, its aim is to deceive attackers. The difference is, this technology is maintained by a company that deploys a large system of decoy servers within the network and provides the ability to make analysis.

There are two main categories of honeypots, and thus includes:

1.High interaction

real physical machines with some software to help analysis and configuration. Just like the name, the attacker has many freedom for doing various things within the honeypot. This system usually have some intentional vulnerabilities, so the attacker ca gain access.

High interaction honeypot might be able to collect various information regarding security, but it is hard to deploy and the maintenance is expensive.

2.Low interaction

This honeypot emulate systems with vulnerabilities. It is easier to deploy and use very little resource because these can quickly be deployed within a virtual machine.

The drawbacks of this honeypot is there are bigger chances for the attacker to be aware that they are within  a honeypot, and they can do a fingerprinting of the honeypot.

References:

  • image : https://baun-vorlesungen.appspot.com/Abschlussarbeiten/Yousuf_Ovais_Masterarbeit_2016.pdf
  • https://www.intego.com/mac-security-blog/a-honeypot-guide-why-researchers-use-honeypots-for-malware-analysis/
  • https://searchsecurity.techtarget.com/definition/honey-pot
  • https://us.norton.com/internetsecurity-iot-what-is-a-honeypot.html

 

 

 

Share this Post

Leave a Comment