Introducing Honeypot, a cyber pot of honey on your web!
Honeypot is an interesting way to protect your resources. This is the solution specialy designed to draw the attention of hackers to make their efforts aimed at attacking the “pot of honey” – an imitation of your crown jewels organization, insted of a system that could cause serious harm.
There are many types of honeypots that can be implemented. If you want you can configure a fake system with the entire network topology. Also it gives you a possibility to create many different hosts, so you can cover a variety of services and different operating systems.
Each of these hosts can be configured differently. You can run any number of services and configure them to appear as if they ran under different operating systems. If you like, for network simulation purposes you can create tens of thousands of different hosts on your LAN. In short, you can create a solid simulation of a large system to make it look authentic and possible to attack.
For example, a honeypot can mimic a company’s billing system. Which is a common targeted by criminals who want to find credit card numbers.
The list of exemplary functionalities is, for example:
- Simulate multiple virtual hosts simultaneously.
- Identifying cyber attacks and assigning hackers a passive ‘fingerprint’.
- Simulation of multiple TCP / IP stacks.
- Simulation of network topology.
- Configuration of real FTP and HTTP servers and even UNIX pod applications virtual IP addresses.
Honeypots seem to be an easy entry point to the web to reverse attackers attention from other parts of the system. They represent a deliberate loophole in system security that can be attacked without causing any damage. The main goal is to provide IT Security teams with information on how they operate hackers. Unlike most asset protection solutions, designed with the sole purpose of stopping outside attackers, maybe it also identify internal threats.
Honeypots have a low percentage of false-positives which is in stark contrast traditional intrusion detection systems (IDS) that can generate high the level of these alerts. This helps to prioritize activities and maintains resource demand at a low level. You can also use conclusions extracted from the honeypot log analysis to improve the configuration of the others IT security systems.
Honeypot is a system that is set for one purpose…to be attacked. It is a hacking, malicious infection system software and generally exploited by a malicious third party. You can be wondering … why spend your time, effort and money setting up a system that will attract hackers? Why would you intentionally create a system of weakened defense which will be used? Why attract at all interest in malicious third parties?
There are three perfect reasons showing why it’s worth it:
- You will waste hacker’s time. Time spent on attacking safe system is a time that was not spent on hacking the system that would hurt your organization.
- By setting up the honeypot, you will be able to see who and how is attacking your system.
- The applications are the starting point for choosing a protection technology against threats.
- An attack detected on a honeypot can protect your organization from real attack.
Threat researchers have used honeypots as a behavioral analysis tool for many years. They are an invaluable source of knowledge about how systems are attacked, what is the ultimate target, and what are common features with other attacks. Since they support limited traffic, they don’t have great hardware requirements. You can configure the honeypot with older hardware, offloading the main resources.
They also have a business case. Analysis of actual attacks on exposed systems helps to accurately estimate what technologies will be needed for defense and in how to structure your cybersecurity budge.