Honeypot Security

What is a Honeypot?

In the cybersecurity world, a honeypot is a system or security mechanism that has been set up as a decoy to lure in cyber-attackers. It generally comprises a computer, applications, and/or data that simulate the behavior of the real system with which they are associated. “Associated”, but separate: the honeypot exists in its own isolated environment and is excluded from any authorized access granted by the parent network.

Most corporate networks lack serious oversight; that is, no one is really watching. Watching the network and computer systems is expensive and overwhelming. No wonder, then, that insider attacks go undetected for months, malware proliferates stealthily, and hackers can spend their time gradually infiltrating deeper and deeper, undetected. It's simply too hard to distinguish legitimate activity from illegitimate or malicious activity.

Here is a diagram that will help you understand how a honeypot works in your network:

[Image: Honeypot_Diagram.png]

Why are Honeypots necessary?

Why are honeypots necessary given the other technologies available for securing a system? This question has one obvious answer: honeypots give you the ability to learn how a system can be compromised, and by whom, while protecting it. To show its importance, a honeypot can be compared to the infamous firewall, which is widely used by many network administrators as a form of security. A firewall is a device that shuts off everything and then turns back on only a few well-chosen items. The reason we have firewalls is that various servers accidentally leave security holes open on many ports.

Honeypots are designed to be broken into for two primary reasons. One is to find information about the vulnerable areas of a system and those that are most likely to be attacked. Essentially, by observing attack methodologies, one can learn how a system can be compromised. The second main goal of honeypots is to gather the forensic information required to aid in the apprehension or prosecution of intruders. A honeypot purposely leaves a "hole" in the system that is so obvious to walk through that other areas of the system look much more secure by comparison. In essence, the honeypot then protects the other areas of the system or network by diverting attention to itself.

What are Honeynets?

Two or more honeypots on a network form a honeynet. Typically, a honeynet is used for monitoring a larger and/or more diverse network in which one honeypot may not be sufficient. Honeynets and honeypots are usually implemented as parts of larger network intrusion detection systems. A honey farm is a centralized collection of honeypots and analysis tools.

How to set up a Honeypot in less than an hour?

Follow this link for more technical information on how to set up honeypots in your network.
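
To make the decoy idea concrete, here is a small low-interaction decoy listener, added as an illustration; it is not code from this blog or from the linked guide. Because no legitimate user has any reason to contact the decoy, every connection is logged as an event with its source, time, and the first bytes sent. The banner text, the port 2121, and the function names are assumptions chosen for the example.

```python
import json
import socket
import threading
from datetime import datetime, timezone

# Constructed decoy banner; it imitates no real product or host.
BANNER = b"220 files.example.internal FTP ready\r\n"

def record(conn, addr, events):
    """Handle one contact: send the banner, capture the first bytes, log it."""
    conn.settimeout(2.0)
    try:
        conn.sendall(BANNER)
        data = conn.recv(256)
    except OSError:              # timeout or reset: the contact is still logged
        data = b""
    finally:
        conn.close()
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": addr[0],
        "src_port": addr[1],
        "first_bytes": data.decode("latin-1"),   # lossless for any byte value
    }
    events.append(event)
    print(json.dumps(event))     # one JSON line per contact, easy to forward
    return event

def serve(sock, events, stop):
    """Accept loop: every connection is handed to record() in its own thread."""
    sock.settimeout(0.2)
    while not stop.is_set():
        try:
            conn, addr = sock.accept()
        except socket.timeout:
            continue
        threading.Thread(target=record, args=(conn, addr, events), daemon=True).start()
    sock.close()

def start_decoy(host="127.0.0.1", port=2121):
    """Bind the decoy and return (bound_port, events, stop_event)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(16)
    events, stop = [], threading.Event()
    threading.Thread(target=serve, args=(sock, events, stop), daemon=True).start()
    return sock.getsockname()[1], events, stop

if __name__ == "__main__":
    start_decoy()
    threading.Event().wait()     # run until interrupted
```

The listener binds to 127.0.0.1 by default; pass a different host only on a machine that is isolated from the production network, as described above.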

Conclusion

Honeypots provide a dynamic level of security that cannot be achieved by other conventional methods. Honeypots are also perfectly legal once used correctly. This blog also presented details on how honeypots should be set up.

Sources: https://en.wikipedia.org, http://www.hackinginsider.com, https://www.networkworld.com, https://www.cyberisk.biz