A honeypot is an intrusion detection mechanism designed for IP and network security. It acts as a decoy system that attracts potential intruders, lets defenders observe their activities to understand potential security threats, and gives them a basis to respond accordingly.
Honeypot systems are equipped with monitors, sensors, and event loggers. Any attempt to access such a system, or any activity on it, triggers the sensors and event loggers to record that activity. Honeypot systems are filled with fabricated information so that they look like real systems. They have no true production value and are not used by real users.
Hence, any attempt to access a honeypot system, and any inbound connection to it, is considered a potential attack or an illegitimate network scan. If a honeypot system initiates any outbound traffic, the system is most likely compromised.
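The two rules above (every inbound connection to a decoy is a probe, every outbound connection from a decoy signals compromise) are simple enough to express as triage logic over a connection log. The following is an added example, not code from the original article: the log format, the honeypot addresses and the sample lines are all constructed for illustration.

```python
"""Triage of connection-log lines against a set of honeypot addresses.

Added example, not code from the original article. The log format, the
addresses and the sample lines below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Address

# Constructed: addresses reserved for decoy hosts on this network.
HONEYPOT_HOSTS = {ip_address("10.0.5.10"), ip_address("10.0.5.11")}
# Constructed: the internal range, used to tell internal from external sources.
INTERNAL_NET = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Flow:
    ts: str
    src: IPv4Address
    sport: int
    dst: IPv4Address
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one line in the assumed format:
    '<timestamp> <src_ip>:<port> -> <dst_ip>:<port> <proto>'."""
    ts, src, _arrow, dst, proto = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return Flow(ts, ip_address(src_ip), int(src_port),
                ip_address(dst_ip), int(dst_port), proto)


def classify(flow: Flow) -> str:
    """Verdict for one flow.

    - source is a honeypot: the decoy never initiates traffic on its own, so
      an outbound connection means probable compromise (highest severity);
    - destination is a honeypot: there are no legitimate users, so every
      inbound connection is unsolicited, a probe or attack attempt;
    - neither: ordinary traffic, outside the honeypot's scope.
    """
    if flow.src in HONEYPOT_HOSTS:
        return "COMPROMISED"
    if flow.dst in HONEYPOT_HOSTS:
        return "INTERNAL_PROBE" if flow.src in INTERNAL_NET else "EXTERNAL_PROBE"
    return "IGNORE"


def triage(lines):
    """Return (timestamp, src, dst, dst_port, verdict) for each log line."""
    return [(f.ts, str(f.src), str(f.dst), f.dport, classify(f))
            for f in map(parse_flow, lines)]


def ports_touched(lines):
    """Distinct honeypot ports contacted per source: several ports from one
    source within a short window is the signature of a network scan."""
    seen = defaultdict(set)
    for f in map(parse_flow, lines):
        if f.dst in HONEYPOT_HOSTS:
            seen[str(f.src)].add(f.dport)
    return {src: sorted(ports) for src, ports in seen.items()}


# Constructed sample log: two external probes, one internal probe, one
# outbound connection from a decoy, and one unrelated flow.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 203.0.113.7:51234 -> 10.0.5.10:22 tcp",
    "2024-01-01T10:00:01Z 203.0.113.7:51235 -> 10.0.5.10:445 tcp",
    "2024-01-01T10:00:05Z 10.0.3.42:40000 -> 10.0.5.11:3389 tcp",
    "2024-01-01T10:02:00Z 10.0.5.10:44000 -> 198.51.100.9:4444 tcp",
    "2024-01-01T10:03:00Z 10.0.3.42:40001 -> 10.0.1.5:443 tcp",
]

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row)
    print(ports_touched(SAMPLE_LOG))
```

The internal/external split matters in practice: an external probe is expected background noise, while an internal host touching a decoy is either a misconfiguration or an attacker already inside the network, and the outbound case should page someone.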
The main purpose of a honeypot system is to divert attackers from the original system. The goal is to get them to access and stay on the fake system long enough for the network administrators to collect information about the attackers, such as their identity and their behavior. Once a sufficient amount of information about the attackers has been collected, the network administrators develop strategies to respond to the possible attacks.
The classifications of honeypot systems
Now that you know what a honeypot is, let’s look at the three types, classified by level of interaction. The more interaction the system allows, the more information you can obtain about the attackers.
- Low-interaction honeypot – This is easy to install and simple to use. It provides only a limited number of fake or emulated services and does not provide a real operating system for attackers to operate on.
- Mid-interaction honeypot – This provides more interaction with the aid of scripts, but the services are still emulated. Implementing one is comparatively more complex and time-consuming.
- High-interaction honeypot – This provides a real system with an actual operating system. It yields more information about the attackers because retention is high: they can stay and act for longer.
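To make the low-interaction category concrete, here is an added example (not code from the original article) of an emulated login service: it presents a constructed banner and prompt, records whatever the peer types, always answers "Login incorrect", and exposes no real operating system. The banner text, prompts and port are constructed assumptions. The emulation is kept separate from the network transport so the dialogue logic can be exercised without opening a socket.

```python
"""A minimal low-interaction honeypot: an emulated login dialogue that records
what a peer sends and never grants access or executes anything.

Added example, not code from the original article. Banner, prompts and port
are constructed for illustration.
"""
import socketserver
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

FAKE_BANNER = b"Ubuntu 18.04 LTS\r\n"   # constructed banner text
MAX_LINE = 256                            # cap per-line storage against floods


@dataclass
class Attempt:
    ts: str
    peer: str
    username: str
    password: str


class EmulatedLogin:
    """Transport-independent emulation of a login dialogue.

    feed() takes bytes received from the peer and returns the bytes to send
    back. Whatever the peer types, the outcome is 'Login incorrect': a
    low-interaction honeypot fakes the service's dialogue only.
    """

    def __init__(self, peer: str, attempts: List[Attempt]):
        self.peer = peer
        self.attempts = attempts        # shared event log, appended to
        self.buffer = b""
        self.username: Optional[str] = None
        self.closed = False

    def greeting(self) -> bytes:
        return FAKE_BANNER + b"login: "

    def feed(self, data: bytes) -> bytes:
        # Keep at most MAX_LINE bytes of unterminated input so a peer that
        # never sends a newline cannot grow the buffer without bound.
        self.buffer = (self.buffer + data)[-MAX_LINE:]
        out = b""
        while b"\n" in self.buffer and not self.closed:
            line, self.buffer = self.buffer.split(b"\n", 1)
            text = line.rstrip(b"\r").decode("utf-8", "replace")
            if self.username is None:
                self.username = text
                out += b"Password: "
            else:
                self.attempts.append(Attempt(
                    datetime.now(timezone.utc).isoformat(),
                    self.peer, self.username, text))
                out += b"\r\nLogin incorrect\r\n"
                self.closed = True      # one attempt per connection, then drop
        return out


ATTEMPTS: List[Attempt] = []   # event log for the running server


class Handler(socketserver.StreamRequestHandler):
    timeout = 10  # idle peers are dropped so they cannot tie up the service

    def handle(self):
        session = EmulatedLogin(self.client_address[0], ATTEMPTS)
        self.wfile.write(session.greeting())
        while not session.closed:
            data = self.rfile.readline(MAX_LINE)
            if not data:
                break
            self.wfile.write(session.feed(data))


def serve(host: str = "0.0.0.0", port: int = 2323) -> None:
    """Bind the emulated service; port 2323 is a constructed choice."""
    with socketserver.ThreadingTCPServer((host, port), Handler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    serve()
```

Every recorded `Attempt` is an alert in its own right, since no legitimate user has any reason to log in to the decoy; the value of the honeypot is the record of who tried and what they sent, not the fidelity of the emulation.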