Difference between revisions of «Honeypots/en»

From FdIwiki ELP
(Page created with «A '''honeypot''' (“honey jar”), also called a trap machine, is software or a set of computers intended to attract attackers, pretending to be sys...»)
 
Línea 1: Línea 1:
Un '''honeypots''' (“tarro de miel”), también llamado equipo trampa, es un software o conjunto de computadores cuya intención es atraer a atacantes, simulando ser sistemas vulnerables o débiles a los ataques.
+
A '''honeypot''', also called “cheating team”, is a software or set of computers intended to attract attackers, pretending to be vulnerable or weak systems to attacks.
  
[[Archivo:honeypots.png|200px|frame|derecha|Esquema de un honeypot en una red local]]
+
[[Archivo:honeypots.png|200px|frame|derecha|Schema of a honeypot in a local network]]
+
Es una '''herramienta de seguridad informática''' utilizada para recoger información sobre los atacantes y sus técnicas. Los honeypots pueden distraer a los atacantes de las máquinas más importantes del sistema, y advertir rápidamente al administrador del sistema de un ataque, además de permitir un examen en profundidad del atacante, durante y después del ataque al honeypots.
+
  
Algunos honeypots son programas que se limitan a simular sistemas operativos no existentes en la realidad y se les conoce como honeypots de baja interacción y son usados fundamentalmente como medida de seguridad.  
+
It is a '''computer tool''' used to collect information about attackers and their techniques. Honeypots can distract attackers from the most important machines in the system, and promptly warn the system administrator of an attack, in addition to following an intensive examination of the attacker, during and after the attack to the honeypot.
  
Otros sin embargo trabajan sobre sistemas operativos reales y son capaces de reunir mucha más información; sus fines suelen ser de investigación y se los conoce como honeypots de alta interacción.
+
Some honeypots are programs that just simulate operating systems that do not really exist. They are known as low interaction honeypots and are used mainly as a security measure.
  
==Clasificación de los honeypots==
+
Others however work with real operating systems and are able to collect much more information; their purpose is usually to research, and they are known as high interaction honeypots.
La mejor manera de diferenciar estos tipos de aplicaciones es por la '''interactividad'''. Es decir, hasta qué nivel deja interactuar al atacante con el Honeypot. Entonces clasificamos, según este factor por:
+
  
* '''Baja interacción.''' La simulación de servicios y/o aplicaciones permiten a los atacantes interactuar con el sistema de forma muy limitada, no es posible el compromiso total del sistema. Solo simulan una aplicación o servicio a través de la herramienta honeypot. '''Desventaja:''' podemos decir que la cantidad / calidad de los datos recogidos son limitados. '''Ventaja:''' entre otras que son aplicaciones de fácil instalación y mantenimiento.
+
==Honeypots classification==
 +
The best way to differentiate these types of applications is by '''interactivity'''. That is to say, to what level it allows the attacker to interact with the honeypot. We then classify them, according to this factor by
  
* '''Alta interacción.''' El atacante podría interactuar con el sistema donde se honeypot si no está bien configurado / controlado. La instalación y mantenimiento son más complejos. '''Desventaja:''' las retracciones al posible atacante son menores y mayor el compromiso real del sistema. '''Ventaja:''' La recopilación de información es mayor en cantidad y calidad.
+
* '''Low interaction.''' The simulation of services and / or applications allows attackers to interact with the system in a very limited way, it is not possible the total commitment of the system. They only simulate an application or service through the honeypot tool. '''Disadvantage''': we can say that the quantity / quality of the data collected is limited. '''Advantage''': among others that they are applications easily installed and maintained.
  
==Dónde colocar el honeypot==
+
* '''High interaction.''' The attacker could interact with the system where the honeypot is if it is not well configured / controlled. Installation and maintenance are more complex. '''Disadvantage''': the retractions to the possible attacker are smaller and greater the real commitment of the system. '''Advantage''': The collection of information is greater in quantity and quality.
Básicamente hay dos formas de ubicar el honeypot:
+
 
* En un entorno cerrado, aislado y separado de cualquier sistema de producción.
+
==Where to place honeypots==
* Dentro de una red o entorno real de producción. De esta forma tenemos que reforzar y afinar las medidas de seguridad en el acceso a los sistemas honeypots.
+
Basically, there are two ways to place a honeypot:
 +
* In a closed environment, isolated and separated from any production system.
 +
* Within a network or real production environment. In this way, we have to reinforce and tune security measures in access to honeypots systems.
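Review bot: the added English opening line renders "equipo trampa" as "cheating team", which does not carry the meaning of a trap or decoy machine, and it drops the "tarro de miel" gloss that the Spanish line has. In the two classification bullets, "commitment of the system" should read "compromise of the system" ("compromiso" in its security sense), and "retractions" mirrors "retracciones", which in context means the restrictions placed on the attacker. In the second paragraph, "in addition to following an intensive examination" does not match "permitir un examen en profundidad" ("allowing an in-depth examination"), and "computer tool" omits "de seguridad" from "herramienta de seguridad informática". The sentence ending "according to this factor by" also needs a closing colon and a rewording before the list.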

Revision as of 18:23, 24 Jan 2017

A honeypot, also called a trap machine, is software or a set of computers intended to attract attackers by pretending to be systems that are vulnerable or weak against attacks.

Schema of a honeypot in a local network

It is a computer security tool used to collect information about attackers and their techniques. Honeypots can distract attackers from the most important machines in the system and promptly warn the system administrator of an attack, in addition to allowing an in-depth examination of the attacker during and after the attack on the honeypot.

Some honeypots are programs that just simulate operating systems that do not really exist. They are known as low-interaction honeypots and are used mainly as a security measure.

Others, however, run on real operating systems and are able to collect much more information; their purpose is usually research, and they are known as high-interaction honeypots.

Honeypot classification

The best way to differentiate these types of applications is by interactivity, that is, by how far the honeypot lets the attacker interact with it. According to this factor, we classify them as:

  • Low interaction. The simulation of services and/or applications allows attackers to interact with the system only in a very limited way; total compromise of the system is not possible. They only simulate an application or service through the honeypot tool. Disadvantage: the quantity and quality of the data collected are limited. Advantage: among others, these applications are easy to install and maintain.
  • High interaction. The attacker could interact with the system that hosts the honeypot if it is not well configured and controlled. Installation and maintenance are more complex. Disadvantage: the restrictions placed on a possible attacker are fewer, and the real compromise of the system is greater. Advantage: the information collected is greater in quantity and quality.
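
A minimal sketch of the low-interaction type described above, added here as an illustration and not part of the original wiki page: it simulates one service by sending a fixed banner, records what the peer sends, and never interprets or executes any of it. The banner text, port, limits and field names are assumptions made for the example.

```python
import json
import socket
import socketserver
import time

FAKE_BANNER = b"220 files.example.test FTP server ready\r\n"  # constructed banner
MAX_CAPTURE = 512      # bytes kept per connection (assumed limit)
READ_TIMEOUT = 3.0     # seconds to wait for the peer (assumed limit)


def handle_connection(conn, peer, events):
    """Present the fake banner, record what the peer sends, execute nothing."""
    conn.settimeout(READ_TIMEOUT)
    conn.sendall(FAKE_BANNER)
    try:
        data = conn.recv(MAX_CAPTURE)
    except (socket.timeout, ConnectionError):
        data = b""
    event = {
        "ts": time.time(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(data),
        # Store as escaped ASCII so hostile bytes cannot corrupt the log.
        "payload": data.decode("latin-1").encode("unicode_escape").decode("ascii"),
    }
    # Always answer with the same refusal: the service is only simulated.
    try:
        conn.sendall(b"530 Login incorrect.\r\n")
    except OSError:
        pass
    events.append(event)
    return event


class HoneypotHandler(socketserver.BaseRequestHandler):
    def handle(self):
        event = handle_connection(self.request, self.client_address, self.server.events)
        print(json.dumps(event), flush=True)  # one JSON line per contact, for alerting


def serve(host="127.0.0.1", port=2121):
    with socketserver.ThreadingTCPServer((host, port), HoneypotHandler) as srv:
        srv.events = []
        srv.serve_forever()


if __name__ == "__main__":
    serve()
```

Because no legitimate user has a reason to contact this listener, every JSON line it emits can be forwarded to the administrator as an alert.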

Where to place honeypots

Basically, there are two ways to place a honeypot:

  • In a closed environment, isolated and separated from any production system.
  • Within a network or real production environment. In this case, we have to reinforce and fine-tune the security measures that control access to the honeypot systems.