What Are Honetpots ?
Just as honey attracts bears, a honeypot is designed to attract hackers. Honeypots have no production value. They are set up specifically for the following purposes:
- Providing advance warning of a real attack
- Tracking the activity and keystrokes of an attacker
- Increasing knowledge of how hackers attack systems
- Luring the attacker away from the real network
A honeypot consists of a single computer that appears to be part of a network, but is actually isolated and protected. Honeypots are configured to appear to hold information that would be of value to an attacker. Honeypots can be more than one computer. When an entire network is designed around the principles, it is called a honeynet. A honeynet is two or more honeypots. The idea is to lure the hacker into attacking the honeypot without him knowing what it is. During this time, the ethical hackers can monitor the attacker’s every move without him knowing. One of the key concepts of the honeypot is data control. The ethical hackers must be able to prevent the attacker from being able to use the honeypot as a launching point for attack and keep him jailed in the honeypot. To help ensure that the hacker can’t access the internal network, honeypots can be placed in the DMZ or on their own segment of the network.Two examples of this are shown in fig.
Two examples of honeypot placements.
Advantages Of Honeypot
- Collect only small data sets(only when interacted), which is valuable and easier to analyze.
- Reduce false positives – because any activity with the honeypot is unauthorized by definition
- Reduce false negatives – honeypots are designed to identify and capture new attacks
- Capture encrypted activity – because honeypots act as endpoints, where the activity is decrypted
- Work with IPv6
- Highly flexible – extremely adaptable and can be used in a variety of environment
- Require minimal resources
Disadvantages Of Honeypot
- Server: Put the honeypot on the Internet and let the bad guys come to you.
- Client: Honeypot initiates and interacts with servers
- Other: Proxies
Examples Of Honeypot
- BackOfficer Friendly
- compromised honeynet can be used to attack other honeynets or non-honeynet systems
- Its value will dramatically decreased if detected by hacker
- Hacker may ignore or bypass it
- Hacker may inject false information to mislead
- Disabling honeynet functionality :
- Attacker disables the data control & capture
- Using the compromised system for criminal activity
A great resource for information about honeypots is "The Honeynet Project” which can be found at www.honeynet.org. This nonprofit group of security professionals has dedicated itself to studying the ways that honeypots can be used as a research and analysis tool to increase the ability for ethical hackers to defend against attacks.
Please leave Your Comments..