Don't you wish hackers could be given a taste of their own medicine? Try giving them a honeypot – a sticky bit of bait they won’t be able to resist. But what is it and how does it work? Read on to find out.
Oct 01, 2019 · 3 min read
A honeypot is a computer or computer system consisting of applications and data intended as bait to catch bad guys. They are set up to look like real systems with exploitable vulnerabilities. The only difference is that they are actually isolated from the rest of the network and are carefully monitored. Hackers don’t know this. Thus they are attracted to them like bees to nectar. So where’s the catch?
Honeypots help to detect attacks, deflect them from more valuable targets, and gather information about cybercriminals and their tactics. They can reveal:
Therefore, honeypots are great deceptive tools that are widely used by large enterprises and security researchers. There are many honeypot configurations that are mostly free and open source. Some can simulate servers and help you analyze the data as well, eliminating the need for a big research team.
Honeypots can be categorized by who uses them and what their primary goal is.
Research honeypots are mostly used by security researchers, militaries and governments. They are very complex and provide vital information needed to study and analyze hackers’ activities and their progress within the honeypot. This helps researchers identify security loopholes and find new ways to protect against them.
Production honeypots are usually used by enterprises. They are usually set up inside a production system and are used as part of an Intrusion Detection System (IDS) that helps to monitor malicious activity. They are less complex and provide less information.
Honeypot systems can also be classified as:
Researchers or enterprises might use multiple honeypots to form a honeynet. They can also go as far as having a centralized collection of honeypots and analysis tools – a honey farm. Using honeynets or honey farms makes bait more believable as hackers can travel from one server to another the way they might in a real system.
No matter how good honeypots sound, they have some limitations and vulnerabilities.
Want to read more like this?
Get the latest news and tips from NordVPN