Honeypots are a system or you can say a server that can be deployed side by side by the production systems within your network. Honeypots can add security monitoring opportunities for the blue teams and helps to misdirect the attackers from attacking the true targets.
This depends on the organization’s strength how it works and the internal infra network which decides how to implement it. There is much organization that is using it applications that mainly used to divert the malicious traffics away from the critical systems which may warn you earlier before the critical systems to be under attack.Â
The honey pots gather the information of the threat actors and their mode of methods basically I don’t get the whole information about the attacker but it has the insight of the attacker’s tools, tactics, and the procedure which gather forensic and legal evidence without putting the whole network at risk.
For the honey pots, it should be normal that it contains the dummy files which make the attacker believe that they are at the right place. The Honey pot should be any system that can be used for the setup with proper sniffing and logging capabilities. If it placed behind the corporate firewall then it will be a good idea because it provides the important logging and alternating capacities and you can also block the outgoing and incoming traffic which used to compromise the whole system.
Different Types of Honeypots :
There are several honeypots technologies which can be used to include the following:
- Malware Honeypots: These honeypots help to protect from the malware which makes a virtual or emulated device for the malware and the malware gets trapped inside that. It is also known for replication and attack vectors to detect malware.
- Spam Honeypots: This type of honeypots can detect the mass volume of the spam mail and stop the following. Whenever the scammer sends the mail they first send the test mail if the test was successful then they send the massive spam mail. So it can detect and stops the spammer.
- Database Honeypots: Through the honeypots can create a decoy database for the attacker who often does SQL injection and they sometimes time undetected by the firewall of the organization.
- Client Honeypots: This category of the honeypots basically does the full monitoring and listing to the clients and checking the server connections which helps the clients to not attacked by the attackers.
- Honeynets: This is a full package of it even used on the network which can consist of the multiple it. The main is to strategically track the methods and motives of an attacker while containing all inbound and outbound traffic.
Benefits of the honeypots :
Honeypots are a low-cost way to help you can increase the security level. It is straightforward and low-maintenance. It helps to identify the real way to attack.
Found this article informative? Follow Vednam on Facebook, Twitter, Mix, Tumbler, and Linkedin to know more exclusive content we post.
