Mostly used by security researchers and IT corporates, a honeypot is a trap devised to unveil origins and malicious techniques used by cyber attackers.
In this article at CSO, Josh Fruhlinger explains that honeypot is the oldest IT security procedure, that can turn into a dangerous game, if not used carefully.
The Starting Point
Honeypot is a deliberately configured computer system with known weaknesses to mimic and tempt cyberattacks. However, it neither contains any productive data nor participates in legitimate traffic on company network. This way, the security researchers can easily identify if anything happening within the security system is a result of an cyberattack or not.
Kinds of Honeypots
The two main strategies for classifying honeypots are based on how they are built and what they meant. Let us identify the different aspects of implementing a honeypot:
- A genuine honeypot is a manual server configured to attract hackers and keep a watch over them with the help of special monitoring software. It is a realistic way to target and catch the hackers but risky enough to turn the tables towards its creators. The attackers may use it as a staging server for advance attacks as they are labor-intensive to configure.
- A high-interaction honeypot is a virtual machine to keep potentially compromised systems isolated and can be run on a single physical device. It is a bit expensive system in comparison with others as it can easily scale upto multiple honeypots.
- A low-interaction honeypot is another virtual machine that only runs a limited set of services representing the most common routes to attack. This kind of honeypot is easy to make and maintain while difficult to consume fewer resources. However, it is likely to look ‘fake’ to the attackers.
The security teams managing a honeypot can monitor the techniques used by the hackers to infiltrate systems, escalate privileges, and disrupt target networks. Its creator can learn the in-depth detail of common attacks, get details on how specific attacks work, and may even trap a hacker in the hopes of tracing the attack back to its source. Click on the following link to read the original article: https://www.csoonline.com/article/3384702/what-is-a-honeypot-a-trap-for-catching-hackers-in-the-act.html