Secure your Network by setting up a Honeypot

November 16, 2018

In this emerging and highly competitive digital era, every day is a new opportunity to invent and investigate new things. In technology alone, as per a survey, millions of new ideas are being registered to change and renovate the digital world. The honeypot is one such new technology, designed to secure your networks.

This post explains what a honeypot is and what the different types of honeypots are. It also guides you to quickly set up a honeypot in your local environment.

Denial-of-Service attacks are still a big threat to any organization. Have you ever faced a breach, with a hacker attempting to break into your system? Have you ever tried to hack the hacker back, or had a chance to analyse how the intruder broke into your network? A successful attack can compromise a system, which may then attack other systems within the network. If you are looking for a solution, a honeypot is the proposed solution to defend against Distributed Denial-of-Service (DDoS) attacks or any kind of brute forcing and unauthorized intrusion activity, with certain features that make it especially attractive and can lure attackers into its vicinity.

What is a Honeypot?

A honeypot is a system deliberately set up to attract and trick users who penetrate systems over the network. It is a decoy that is intentionally made accessible to hackers so that their efforts are misdirected into attacking the honeypot rather than a system where they could cause serious trouble. However, implementing a honeypot seems harmful to a few organizations, because honeypots do not solve problems; instead they let any skilled hacker play with them, which could create additional risk and put the whole organization at risk. Keeping this in mind, a honeypot should not be the only solution; it should be an additional layer of security used alongside a firewall, IPS and IDS. Properly placed honeypots can prevent attacks, detect unauthorized activity and gather information about the hackers.

Types of Honeypots

Conceptually, all honeypots work the same way, but they are categorized into a few types based on their purpose and their level of interaction with intruders.

Production Honeypots: A Production honeypot is the one used within an organization to mitigate risk by misleading attackers.

Research Honeypots: A Research honeypot is used to retrieve the information about the hacker in order to trace back the hacker or to analyse the strategy & techniques applied by the intruder.

Based on the level of interaction with attackers, they are sub-categorized into low-, medium- and high-interaction honeypots. Here, interaction means the simulation of resources that can be accessed by an intruder.

Low-Interaction Honeypots: These honeypots simulate services such as TELNET, FTP, MESSAGING, etc. A low-interaction honeypot is easy to both deploy and maintain.

The main objective of a low-interaction honeypot is only to detect, for example unauthorized probes or login attempts. A good example of a low-interaction honeypot is "Honeyd", which will be covered in the next article.
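The following Python example is added here and is not from the original post or from Honeyd. It emulates only the FTP login dialogue, always refuses the login, and records each connection, probe and login attempt as a JSON event; the banner text, port 2121 and the function names are assumptions made for the example.

```python
import json
import socketserver
import time

BANNER = "220 FTP server ready\r\n"  # constructed banner, not a real product's
EVENTS = []  # in-memory copy of the log; each event is also printed as JSON

def record(peer, kind, **fields):
    """Store and print one structured event describing client activity."""
    event = {"ts": time.time(), "peer": peer, "kind": kind, **fields}
    EVENTS.append(event)
    print(json.dumps(event), flush=True)

def respond(peer, session, line):
    """Return the emulated FTP reply for one client line, logging as needed."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb == "USER":
        session["user"] = arg
        return "331 Password required\r\n"
    if verb == "PASS":
        record(peer, "login_attempt", user=session.get("user", ""), password=arg)
        return "530 Login incorrect\r\n"  # the decoy never authenticates anyone
    if verb == "QUIT":
        return "221 Goodbye\r\n"
    record(peer, "probe", command=line.strip()[:200])
    return "530 Please login with USER and PASS\r\n"

class Decoy(socketserver.StreamRequestHandler):
    timeout = 30  # seconds before an idle connection is dropped

    def handle(self):
        peer, session = self.client_address[0], {}
        record(peer, "connect")
        try:
            self.wfile.write(BANNER.encode())
            for _ in range(20):  # cap commands per connection
                raw = self.rfile.readline(512)  # cap line length
                if not raw:
                    break
                reply = respond(peer, session, raw.decode("latin-1"))
                self.wfile.write(reply.encode())
                if reply.startswith("221"):
                    break
        except OSError:  # timeout or connection reset
            pass

if __name__ == "__main__":
    # Port 2121 is an assumption: unprivileged, for an isolated lab host.
    with socketserver.ThreadingTCPServer(("0.0.0.0", 2121), Decoy) as srv:
        srv.serve_forever()
```

Because no legitimate user has a reason to connect to the decoy, every event it prints is worth forwarding to whatever alerting sits beside the firewall or IDS.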

Advantages:

Disadvantages:

High-Interaction Honeypots: These honeypots are time-consuming to design and maintain. The purpose of a high-interaction honeypot is to give the attacker access to a real operating system where nothing is emulated. Using this honeypot we can take control over the attacker as soon as he falls into our trap. A 'Honeynet' is a good example in this case.

Advantages:

Disadvantages:

What is a Honeynet?

A Honeynet is simply multiple honeypots deployed in the network to prevent attacks and collect data. When an intruder tries to devise new techniques to detect and circumvent any of the honeypots, their attention will be drawn to the other honeypots located in different places. Though it depends on a cost-benefit analysis, having a Honeynet is always good for defending against attacks. Kippo, Honeyd, etc., are examples of honeypots which can be studied further.

However, you can always try these honeypots by setting them up in a local virtual machine or in the cloud. Another honeypot worth mentioning is Nepenthes, which emulates known vulnerabilities and captures the attack on any attempt.

Summary: Main Benefits of Honeypots

Risk Mitigation:

Attack strategies:

Evidence:

Once the attacker is identified with all the data captured, it may be used as evidence, which can be really important for legal proceedings.

Caveats to be considered:

Reference: https://www.symantec.com/connect/articles/defeating-honeypots-system-issues-part-1

Credit: ACE Team
