Friday, September 18, 2015

What is Honeypot and how does it improve security ?





What is Honeypot ?


Honeypot is a computer security mechanism which is used to counteract attempts of unauthorized attacks on computer systems. It mainly consists of a computer, some data and network site that appears to be part of a network, but is actually isolated and monitored. It seems to contain useful information to the attackers, but actually is used as a bait.


Different Types of Honeypots


There are different types of honeypots :

Production Honeypots  


They are placed inside a production network, along with other production servers. They capture limited information for the attackers. Production Honeypots are low interaction honeypots and they are easier to deploy. Production Honeypots are mainly used by the organization to improve overall state of security.


Research Honeypots


These type of honeypots are used primarily by research, military or government organizations. They run to gather information about the motivs and tactics of the attackers. Most of the time they capture extensive information and are complex to deploy.


High Interaction Honeypots


Sometimes, honeypots imitate the activities of a production system, so that the attacker waste lots of time in the system. They are even deployed as virtual machines, so that even if the honeypot is compromised, it can be restored easily. They are called High Interaction Honeypots.

Low Interaction Honeypots


On the other hand, Low Interaction Honeypots are easy to maintain and they contain limited information.

Sometimes, two or more honeypots are connected together and form a Honeynet. Honeynets are used to monitor larger networks, where single honeypot is not sufficient.


So, it was a short article on a mechanism for preventing attacks, hope you liked it!




Read More

What is Intrusion Detection System and how does it work ?

How to prevent DDoS Attacks ?

What is Next Generation Firewall ?

What is Intrusion Prevention System and how does it work ?

What is Deep Packet Inspection ?

How does Web Application Firewall work ?

How to install Snort IDS on Linux ?

What is IoT Botnet and how is it used to make DDoS attacks ?




No comments:

Post a Comment