A honeypot is a resource that can serve a variety of purposes, but whose value lies in its being used in an unauthorised or illicit way.
In other words, a honeypot is useless if an attacker or malicious user does not attack it, or at least try to.
Use of honeypots:
Honeypots are designed to study the different kinds of attack and the way in which an attack takes place. A honeypot therefore lures attackers into attacking the system for the purpose of security and security-related study and analysis. A normal user will never connect to a honeypot resource.
Since a honeypot resource has no real use, if a system admin notices a user connecting to it, then 99% of the time that user is a malicious one.
In brief, honeypots have the following uses:
A} Uses of research honeypots:
1. To research attackers {tools, methods, techniques and exploits}.
2. To assess general trends in the security industry.
3. Research honeypots are useful for research purposes.
4. Honeynets are networks of honeypots that trap attackers by luring them; all their activities are recorded by the research honeypots.
B} Uses of production honeypots:
1. Production honeypots trick attackers into attacking the honeypot system instead of the actual system.
2. They help in the detection of attacks.
3. They reduce false positives.
4. They reduce false negatives, as they detect almost all attacks.
5. Log files are complete and easy to read.
6. They work in encrypted and IPv6 environments.
7. Any traffic to a honeypot is concluded to be malicious 99% of the time.
8. They help in computer forensics, as the evidence is not tampered with.
9. Honeypots can be disconnected as soon as an attack is detected.
There are two main types of honeypots:
1. Research honeypots:
The biggest problem that system admins face nowadays is that they do not know their own attackers. They do not know the techniques, tools, methods etc. being used by their attackers, which makes it impossible to protect one's own system on the internet. Research honeypots are used to solve this problem.
2. Production honeypots:
Production honeypots are normally used for improving the security of a particular network.
According to the level of implementation, research honeypots and production honeypots are further classified into the following two types:
1. Low involved honeypots:
A. A typical low involved honeypot will have a few ports open, so the admin knows which ports the attackers will try to connect to.
B. The attackers are not allowed to do anything else on the server, and hence these honeypots are less risky.
C. Low involved honeypots do not give essential insight into the attacker, hence they are normally used as production honeypots.
2. High involved honeypots:
A. High involved honeypots will have a few open ports and a few vulnerable services running.
B. The attacker is allowed to actually break into a high involved honeypot, which makes them risky.
C. They can be used to collect a lot of insight into the tools, techniques and methods used by attackers, hence they are normally used as research honeypots.
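A minimal low involved honeypot along the lines of the classification above, given here as an added example (not code from the original post): it listens on a few decoy ports (2222 and 8080 are assumed, with nothing real behind them), records who connected and the first bytes they sent, then closes the connection without emulating any service, and flags every connection because no legitimate user has a reason to reach a decoy port.

```python
import socket
import threading
from datetime import datetime, timezone

DECOY_PORTS = (2222, 8080)  # assumed decoy ports (not from the post); nothing real listens here
MAX_PEEK = 128              # bytes of the visitor's first message that are kept

def make_record(port, src_ip, src_port, first_bytes, when=None):
    """One log record per connection. No legitimate user has a reason to
    reach a decoy port, so every record is flagged for the admin."""
    stamp = (when or datetime.now(timezone.utc)).isoformat()
    preview = first_bytes[:MAX_PEEK].decode("ascii", "replace")
    return {"time": stamp, "port": port, "src": f"{src_ip}:{src_port}",
            "bytes": len(first_bytes), "preview": preview, "verdict": "suspicious"}

def format_record(rec):
    """Single-line, grep-friendly form of a record for the honeypot log."""
    return (f'{rec["time"]} port={rec["port"]} src={rec["src"]} bytes={rec["bytes"]} '
            f'verdict={rec["verdict"]} preview={rec["preview"]!r}')

def serve_port(port, sink, stop):
    """Accept a connection on one decoy port, keep its first bytes, close it.
    No banner is sent and nothing is honoured, so the visitor gets no foothold."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", port))
        srv.listen()
        srv.settimeout(1.0)           # wake up periodically to check `stop`
        while not stop.is_set():
            try:
                conn, (ip, p) = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(2.0)
                try:
                    data = conn.recv(MAX_PEEK)
                except (socket.timeout, OSError):
                    data = b""        # port scan or silent probe: still logged
            sink(format_record(make_record(port, ip, p, data)))

def run(sink=print):
    """Start one listener thread per decoy port and block until Ctrl-C."""
    stop = threading.Event()
    for port in DECOY_PORTS:
        threading.Thread(target=serve_port, args=(port, sink, stop), daemon=True).start()
    threading.Event().wait()

if __name__ == "__main__":
    run()
```

Binding to ports below 1024 would need privileges, which is one reason to keep the decoys on high ports; the sink can be swapped for a file or syslog writer so the log survives if the honeypot is disconnected after an attack.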
Advantages of honeypots:
1. They record minimal but extremely important data, for example the activity of malicious users.
2. Efficiency: centralised log files or IDS log files might drop a few lines due to high activity and bandwidth.
3. They work with encryption and IPv6 as well.
Disadvantages of honeypots:
1. Worthless:
If nobody attacks the honeypot, then it is practically useless.
2. Risky:
A typical honeypot introduces a varying amount of risk into the overall security of the concerned network.
#1 by Shweta - March 27th, 2008 at 16:22
It is a very informative blog. Such systems must be used so that hackers can be trapped and the internet becomes safe.
#2 by shekar - March 31st, 2008 at 16:56
This blog was quite interesting; reading this I feel like designing this kind of system.
#3 by Vishal Patil - March 31st, 2008 at 17:03
The blog is very good, which allows one to know who the hacker is and avoid the vulnerability.
#4 by pradip kashid - March 31st, 2008 at 17:52
Are there any sites which give practical uses of honeypots?? Seems interesting.
#5 by Jayashree - March 31st, 2008 at 19:48
Good tool for network administrator.
#6 by kurund - April 1st, 2008 at 15:29
Very interesting blog