In the cyber world, where cyber crime is on the rise, Honeypot systems play a critical role in studying the techniques of attackers and help to find loopholes in the network.
Honeypot systems are trap systems designed to collect information about an intruder. A Honeypot does not replace other security systems or standards, but it offers an additional service.
What is a Honeypot?
A Honeypot gives valuable insight into potential system loopholes and enables IT administrators to minimize the risks to networks and systems. With a Honeypot, the IT department can analyze the ways in which attackers could compromise a system.
A Honeypot is a computer system on the Internet that is specifically set up to attract and “trap” individuals who try to break into another person’s computer system.
Preconditions for a Honeypot:
A Honeypot provides great value, but it requires close attention and is more than a learning experience. For a Honeypot to be successful, some preconditions should be met in the network environment.
- The OS (operating system) should be out of date with default options.
- The data on the system should be destroyed securely.
- Design an application that records the activities of an attacker.
Goals of setting up a Honeypot:
The reasons for setting up a Honeypot are:
- Learn the techniques of intruders to protect your system in the near future.
- Gather information that helps to understand the intruders and that can be forwarded to law enforcement agencies for prosecution.
Classification of Honeypots:
There are two categories: Low interaction Honeypot and high interaction Honeypot.
In a low interaction Honeypot, the level of emulation (one system behaving like another system) is limited to certain services and operating systems. The attacker’s actions are therefore limited to the selected emulation level. This method is easy to deploy and maintain, and it carries less risk when used in the field. The disadvantage is the limited interaction; a smart attacker can easily identify this kind of system.
A high interaction Honeypot is more complex than a low interaction Honeypot, and it imposes no restrictions because it offers a real system to attackers. It allows the administrator to get extensive details of the attacker’s methods. Attackers may see a high interaction Honeypot as a stepping stone for attacks on other systems in the organization. Sometimes the network connection needs to be disconnected to prevent further penetration of the system.
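The low interaction category described above, together with the earlier precondition of an application that records an attacker’s activities, can be shown with a small Python listener; this example is added here and is not from the original article. The banner text, class and function names, the loopback default address and the JSON log format are assumptions chosen for illustration.

```python
import json
import socket
import socketserver
import threading
import time

# Constructed banner: a low interaction Honeypot only imitates the surface
# of a service (here an FTP greeting); no real FTP server is running.
FAKE_BANNER = b"220 ftp.example.internal FTP server ready\r\n"
MAX_CAPTURE = 1024  # cap on bytes recorded per connection

class HoneypotHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(3.0)
        data = b""
        try:
            self.request.sendall(FAKE_BANNER)       # emulated greeting
            data = self.request.recv(MAX_CAPTURE)   # first thing the peer sends
        except OSError:
            pass  # timeout or reset: still record the connection itself
        self.server.record({
            "ts": time.time(),
            "src_ip": self.client_address[0],
            "src_port": self.client_address[1],
            "payload": data.decode("latin-1"),      # lossless for raw bytes
        })

class Honeypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr, log_path=None):
        super().__init__(addr, HoneypotHandler)
        self.events = []           # in-memory copy of recorded activity
        self.log_path = log_path   # optional JSON-lines file (hypothetical path)
        self._lock = threading.Lock()

    def record(self, event):
        with self._lock:
            self.events.append(event)
            if self.log_path:
                with open(self.log_path, "a") as fh:
                    fh.write(json.dumps(event) + "\n")

def start_honeypot(host="127.0.0.1", port=0, log_path=None):
    """Listen in a background thread; port 0 lets the OS pick a free port."""
    server = Honeypot((host, port), log_path)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

Because the listener never executes what it receives, the peer can go no further than the emulated greeting, which is the limited interaction the low interaction category trades for lower risk.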
To learn about attackers’ methods, maximize the strength of the Honeypot, and minimize the risks involved, the deployment of a Honeypot requires a strategy.
- Install the Honeypot next to production servers. The Honeypot needs data from the production servers to lure attackers. The security of the Honeypot can be relaxed in order to give the attacker a wide field and to collect attack related information. The drawback of installing a Honeypot within the production system is that a compromised Honeypot can be used to scan for additional loopholes in the network.
- Connect each server to a Honeypot and redirect traffic from the web server to the Honeypot. The Honeypot can be camouflaged; a certain amount of data may need to be replicated on the Honeypot.
- Build a network of Honeypots that imitates and replicates the actual network. Attackers are led to believe that there are several applications on different platforms. This lets the IT department understand the attacker’s methodology and the targeted systems. The department can reveal the types of attacks that have been conducted on the network.
A Honeypot is an excellent way to gauge the intention of an attacker. With this tool, an administrator can find loopholes in the system and reduce the risks associated with them. The actions of attackers offer valuable information for examining their attack methods. However, such a system cannot detect attacks in the organization that do not interact with it.