Honeypot

nemo2

 Honeypot




A honeypot is an additional security protection that can be used alongside a firewall and other security solutions to help protect a network from hackers. It can also be used to gain information about how cybercriminals operate.

Honeypots, as the name suggests, are designed to catch a hacker’s eye so that their efforts will be drawn to attacking the honeypot rather than a system where they could cause serious harm.

In contrast to a firewall, which is designed only to keep external attackers out, a honeypot can also identify internal threats and attacks. Many companies are almost blind to attacks from within. A honeypot provides increased visibility and allow IT security teams to defend against attacks that the firewall fails to prevent. There are considerable benefits of honeypots, and many organizations have implemented them as an additional protection against internal and external attacks.


Benefits of a honeypot :

1.Observe hackers in action and learn about their behavior

2.Gather intelligence on attack vectors, malware, and exploits. Use that intel to train your IT staff

3.Create profiles of hackers who are trying to gain access to your systems

4.Improve your security posture

5.Waste hackers’ time and resources

6.They show you that you are being attacked and that data is valuable when attempting to get budget increases for security.



Flaws of Honeypot :

1.No system is perfect and there are notable disadvantages of honeypots.

2.Honeypots add complexity to a network, and the more complex a network is, the harder it is to secure.

3.The honeypot can only tell you about an attack in progress if the honeypot is directly attacked.



Two Popular Honeypots :

1.Honeyd Honeypot :

This is a small daemon that can be used to create a network containing many virtual hosts. Each of those hosts can be set up and configured differently. You can run a range of arbitrary services on each, and configure them to appear as if they are running different operating systems. For network simulation purposes, you can create tens of thousands of different hosts on your LAN using Honeyd if you so wish. You can use Honeyd to hide your real system, identify threats, assess risk, and improve your security posture.


2.Kippo Honeypot :

Kippo is used to create a dummy SSH server, which allows attackers to conduct brute force attacks. The honeypot can be set with a root password that is particularly easy to guess, such as a simple string of numbers: 123456 for example.


If you want more info,

Click Here ( https://www.webtitan.com/)


credits: Creative-R-Tech