Secure your Network by setting up a Honeypot

November 16, 2018

In this emerging and highly competitive digital era, every single day is a new opportunity to invent and investigate new things. In technology alone, according to a survey, millions of new ideas are being registered to change and renovate the digital world. A honeypot is one such new technology designed to secure your networks.

This post explains what a honeypot is and what the different types of honeypots are. It also guides you to quickly set up a honeypot in your local environment.

Denial-of-Service attacks are still a big threat to any organization. Have you ever faced a breach, with a hacker attempting to break into your system? Have you ever tried to hack the hacker back, or had a chance to analyse how the intruder broke into your network? A successful attack can compromise a system, which may then be used to attack other systems within the network. If you are looking for a solution, a honeypot is the proposed solution to defend against Distributed Denial-of-Service (DDoS) attacks or any kind of brute forcing and unauthorized intrusion activity, with certain features that make it especially attractive and can lure attackers into its vicinity.

What is a Honeypot?

A honeypot is a purpose-built system that is deliberately deployed to attract and trick users who penetrate systems over the network. It is a decoy that is intentionally made accessible to hackers so that all their efforts are misdirected at the honeypot rather than at a system where they could cause serious trouble. However, implementing a honeypot seems harmful to some organizations, because a honeypot does not solve problems; instead, it lets any skilled hacker play with it, which could create additional risk and put the whole organization at risk. Keeping this in mind, a honeypot should not be the only solution. It should be an additional layer of security used alongside a firewall, IPS and IDS. Properly placed honeypots can prevent attacks, detect unauthorized activity and gather information about the hackers.

Types of Honeypots

Conceptually, all honeypots work the same way, but they are categorized into a few types based on their purpose and on their level of interaction with intruders.

Production Honeypots: A production honeypot is one used within an organization to mitigate risk by misleading attackers.

Research Honeypots: A research honeypot is used to retrieve information about the hacker in order to trace the hacker back or to analyse the strategy and techniques applied by the intruder.

Based on the level of interaction with attackers, honeypots are sub-categorized into low-, medium- and high-interaction honeypots. Here, interaction means the simulation of resources that an intruder can access.

Low-Interaction Honeypots: These honeypots simulate services such as TELNET, FTP, MESSAGING, etc. A low-interaction honeypot is easy both to deploy and to maintain.

The main objective of a low-interaction honeypot is only to detect activity such as unauthorized probes or login attempts. A good example of a low-interaction honeypot is "Honeyd", which will be covered in the next article.
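A minimal low-interaction honeypot of the kind described above, as an added example that is not part of the original post: it emulates only the FTP login dialogue, never grants access, and records each probe and login attempt. The handler name, the event fields and port 2121 are assumptions chosen for illustration.

```python
import socketserver
import threading
import time

EVENTS = []  # in-memory event log for the example (list.append is atomic in CPython)

def record(peer, kind, value=""):
    """Store one structured event per probe, username or password attempt."""
    EVENTS.append({"ts": time.time(), "src": peer[0], "port": peer[1],
                   "kind": kind, "value": value})

class FakeFTPHandler(socketserver.StreamRequestHandler):
    """Emulates only the FTP login dialogue; no login ever succeeds."""
    timeout = 10  # seconds before an idle connection is dropped

    def handle(self):
        peer = self.client_address
        record(peer, "connect")
        try:
            self.wfile.write(b"220 FTP server ready\r\n")
            for _ in range(10):                      # cap commands per connection
                line = self.rfile.readline(512)      # cap line length
                if not line:
                    break
                cmd, sep, arg = line.decode("latin-1").strip().partition(" ")
                cmd = cmd.upper()
                if cmd == "USER":
                    record(peer, "user", arg[:128])
                    self.wfile.write(b"331 Password required\r\n")
                elif cmd == "PASS":
                    record(peer, "pass", arg[:128])
                    self.wfile.write(b"530 Login incorrect\r\n")
                elif cmd == "QUIT":
                    self.wfile.write(b"221 Goodbye\r\n")
                    break
                else:
                    record(peer, "other", cmd[:32])
                    self.wfile.write(b"530 Please login with USER and PASS\r\n")
        except OSError:
            pass  # timeout or reset by the client; the events are already stored

def start(host="127.0.0.1", port=0):
    """Run the listener in a background thread; port 0 picks a free port."""
    server = socketserver.ThreadingTCPServer((host, port), FakeFTPHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    start(port=2121)            # unprivileged port, an assumption for local testing
    threading.Event().wait()    # keep the process alive; inspect EVENTS or add logging
```

Because nothing legitimate should ever connect to this listener, every entry in `EVENTS` is a detection signal in its own right.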

Advantages:

Disadvantages:

High-Interaction Honeypots: These honeypots are time-consuming to design and maintain. The purpose of a high-interaction honeypot is to give the attacker access to a real operating system where nothing is emulated. Using this honeypot, we can take control over the attacker as soon as he falls into our trap. A 'Honeynet' is a good example in this case.

Advantages:

Disadvantages:

What is a Honeynet?

A honeynet is simply multiple sets of honeypots deployed in the network to prevent attacks and collect data. When an intruder tries to devise new techniques to detect and circumvent any one of the honeypots, their attention will be drawn to the other honeypots located in different places. Though it depends on the cost-benefit analysis, having a honeynet is always good for defending against attacks. Kippo, Honeyd, etc., are examples of honeypots that can be studied further.

You can always try these honeypots by setting them up in a local virtual machine or in the cloud. Another honeypot worth mentioning is Nepenthes, which emulates known vulnerabilities and captures the attack on any attempt.

Summary: Main Benefits of Honeypots

Risk Mitigation:

Attack strategies:

Evidence:

Once the attacker is identified, all the data captured may be used as evidence, which can be really important for legal proceedings.

Caveats to be considered:

Reference: https://www.symantec.com/connect/articles/defeating-honeypots-system-issues-part-1

Credit: ACE Team
