27-10-2016, 12:46 PM
A honey pot is a computer system on the Internet that is expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems.
NEED OF HONEYPOT
A firewall is designed to keep the attackers out of the network whereas honeypots are designed to entice the attackers to attack the system.
The honeypot defends against attacks that the firewall is unable to see. Ideally the honeypot is used with a firewall.
GOALS
To divert the attention of the attacker from the real network, so that the main information resources are not compromised.
To build attacker profiles.
To capture new viruses and worms for future study.
HOW IT WORKS?
Fake information servers are strategically positioned in a test network and fed with false information disguised as files of a classified nature.
These servers are initially configured so that they are difficult, but not impossible, for an attacker to break into.
The server is loaded with monitoring and tracking tools so every step and trace of activity left by a hacker can be recorded in a log.
CLASSIFICATION
HoneyPots can be classified according to two criteria:
According to their implementation environment
(a) Production HoneyPots.
(b) Research HoneyPots.
According to their level of interaction
(a) Low Interaction
(b) High interaction
ACCORDING TO THEIR IMPLEMENTATION ENVIRONMENT
(A) Production HoneyPots.
Used to protect organizations.
Production honeypots are used to protect the network directly.
A honeypot can apply to all three layers: prevention, detection and response.
(B) Research Honeypots
These Honeypots are not implemented with the objective of protecting networks.
They represent educational resources of demonstrative and research nature whose objective is centered towards studying all sorts of attack patterns and threats.
ACCORDING TO THEIR LEVEL OF INTERACTION
(A) Low Interaction
Low-interaction honeypots are typically the easiest honeypots to install, configure, deploy and maintain, but are customized to more specific tasks.
They introduce a low or at least limited risk.
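An added example, not part of the original slides: a minimal low-interaction decoy in Python that presents a fake FTP banner and records every contact in a structured log, as the HOW IT WORKS and Low Interaction sections describe. The banner text, port 2121, the `events` list and all function names are assumptions chosen for illustration.

```python
import json
import socketserver
import threading
from datetime import datetime, timezone

# Constructed banner and reply for the emulated service; no real FTP server exists behind them.
FAKE_BANNER = b"220 files.example.test FTP server ready\r\n"
FAKE_REPLY = b"530 Login incorrect.\r\n"
MAX_CAPTURE = 1024            # cap on bytes recorded per connection
events = []                   # in-memory log; a deployment would ship records off-host
events_lock = threading.Lock()

def record_event(peer, data):
    """Build one structured log record for a connection and store it."""
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(data),
        # Escape control characters so client input cannot forge log lines.
        "payload": data.decode("latin-1").encode("unicode_escape").decode("ascii"),
    }
    with events_lock:
        events.append(event)
    print(json.dumps(event))
    return event

class DecoyHandler(socketserver.BaseRequestHandler):
    """Sends a banner and logs what the client sends; input is never executed."""
    def handle(self):
        self.request.settimeout(3.0)
        data = b""
        try:
            self.request.sendall(FAKE_BANNER)
            data = self.request.recv(MAX_CAPTURE)
        except OSError:
            pass              # client hung up or timed out; log the contact anyway
        record_event(self.client_address, data)
        try:
            self.request.sendall(FAKE_REPLY)
        except OSError:
            pass

def make_decoy(host="127.0.0.1", port=2121):
    """Create the listener (loopback and port 2121 are assumed defaults)."""
    server = socketserver.ThreadingTCPServer((host, port), DecoyHandler)
    server.daemon_threads = True
    return server

if __name__ == "__main__":
    with make_decoy() as srv:
        srv.serve_forever()
```

Because no legitimate user has a reason to contact the decoy, every record in `events` is worth reviewing.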
(B) High interaction
High interaction honeypots are the extreme of honeypot technologies.
They provide an attacker with a real operating system where nothing is restricted.
They provide complete information about attackers.
CONCLUSION
Honeypots provide a dynamic level of security that cannot be achieved by other conventional methods.
Honeypots do not fix a single problem. Instead they have multiple uses, such as prevention, detection or information gathering.