Honeypots


A honeypot, also called a “trap system”, is a piece of software or a set of computers intended to attract attackers by pretending to be systems that are vulnerable or weakly defended against attacks.

Schema of a honeypot in a local network

It is a tool used to collect information about attackers and their techniques. Honeypots can distract attackers from the most important machines in the system and promptly warn the system administrator of an attack, in addition to allowing an in-depth examination of the attacker during and after the attack on the honeypot.

Some honeypots are programs that merely simulate operating systems that do not really exist. They are known as low-interaction honeypots and are used mainly as a security measure.

Others, however, work with real operating systems and are able to collect much more information; their purpose is usually research, and they are known as high-interaction honeypots.

Honeypots classification

The best way to differentiate these types of applications is by interactivity, that is, the level to which the honeypot allows the attacker to interact with it. According to this factor, we classify them as follows:

  • Low interaction. The simulation of services and/or applications allows attackers to interact with the system only in a very limited way, so a full compromise of the system is not possible. They only simulate an application or service through the honeypot tool. Disadvantage: the quantity and quality of the data collected is limited. Advantage: among others, these applications are easy to install and maintain.
  • High interaction. If the honeypot is not well configured and controlled, the attacker could interact with the system that hosts it. Installation and maintenance are more complex. Disadvantage: there are fewer restrictions on the potential attacker, and the real risk of the system being compromised is greater. Advantage: the information collected is greater in quantity and quality.
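
The low-interaction case above, as an added Python example (not part of the original article): a decoy listener that presents a fake FTP banner, records each connection and the first bytes the client sends, and never interprets or executes that input. The banner text, port 2121, the capture limit and the function names are assumptions chosen for illustration.

```python
import json
import socket
import threading
from datetime import datetime, timezone

BANNER = b"220 ftp.example.internal FTP server ready\r\n"  # constructed fake banner
MAX_CAPTURE = 512  # cap on bytes stored per connection
TIMEOUT = 5.0      # seconds before an idle client is dropped


def handle(conn, addr, events):
    """Send the fake banner, record what the client sends, execute nothing."""
    conn.settimeout(TIMEOUT)
    data = b""
    try:
        conn.sendall(BANNER)
        data = conn.recv(MAX_CAPTURE)
    except OSError:
        pass  # timeout, reset or early close: the attempt is still logged
    finally:
        conn.close()
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": addr[0],
        "src_port": addr[1],
        "payload": data.decode("latin-1"),  # lossless for arbitrary bytes
    }
    events.append(event)
    print(json.dumps(event), flush=True)  # one JSON line per event for alerting
    return event


def serve(host, port, events):
    """Accept forever; nothing legitimate uses a decoy, so every hit is logged."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(16)
    while True:
        conn, addr = sock.accept()
        threading.Thread(target=handle, args=(conn, addr, events), daemon=True).start()


if __name__ == "__main__":
    serve("127.0.0.1", 2121, [])  # hypothetical address and port
```

Because the handler only stores bytes and closes the socket, the data it yields is limited to source address, timing and the first request, which is the trade-off the low-interaction bullet describes.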

Where to place honeypots

Basically, there are two ways to place a honeypot:

  • In a closed environment, isolated and separated from any production system.
  • Within a real network or production environment. In this case, we have to reinforce and tune the security measures that control access to the honeypot systems.