written 2.7 years ago by |
HONEYPOT
A honeypot is a computer system that is set up to act as a decoy to lure cyberattackers, and to detect, deflect or study attempts to gain unauthorized access to information systems.
This is similar to the police baiting a criminal, conducting undercover surveillance, and finally punishing the criminal.
A honeypot is a security resource who's value lies in being probed, attacked or compromised.
- honeypots are weapons against spammers, honeypot detection systems are spammer-employed counter- weapons. As detection systems would likely use unique characteristics of specific honeypots to identify them.
- Honeypots can be classified based on their deployment (use/action) and based on their level of involvement. Based on deployment, honeypots may be classified as
Production Honeypots : Production honeypots are easy to use, capture only limited information, and are used primarily by corporations. Production honeypots are placed inside the production network with other production servers by an organization to improve their overall state of security. Normally, production honeypots are low-interaction honeypots, which are easier to deploy. They give less information about the attacks or attackers than research honeypots.
Research Honeypots Research honeypots are run to gather information about the motives and tactics of the Black hat community targeting different networks. These honeypots do not add direct value to a specific organization; instead, they are used to research the threats that organizations face and to learn how to better protect against those threats.Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.
- Based on design criteria, honeypots can be classified as:
Pure Honeypots
High-interaction honeypots
Low-interaction honeypots