
Beginners guide to honeypots

Hello aspiring ethical hackers. In this blog post, you will learn about Honeypots. A Honeypot is one of the security technologies that is useful in enhancing the security of an organization.

What is a Honeypot?

A Honeypot is a security mechanism that attracts the hacker’s attacks to keep the organization secure, unlike other security technologies such as Firewalls, IDS and IPS, which try to block malicious activity. A honeypot, which can be software or hardware, is made intentionally vulnerable so that hackers can hack it easily. By observing how hackers compromise the Honeypot, cyber security teams can improve their security policies.

Types of Honeypots

Apart from being classified as hardware or software, honeypots are classified into two types based on their operation. They are:

  1. Production honeypot.
  2. Research honeypot.

Let’s learn about each of them in detail.

1. Production honeypot:

Production honeypots are the most common type of honeypot deployed by organizations around the world. As their name implies, they are deployed in the organization’s production network. They are easier to deploy and give valuable information such as the hacker’s IP address.

2. Research honeypot:

As their name implies, Research honeypots are used to gather more information about hackers and their method of hacking compared to production honeypots. Research honeypots collect information like hacker tactics and their methods. However, they are complex to deploy.

Types of Honeypot deployments

Honeypots can be deployed in three ways. They are:

  1. Pure honeypot
  2. Low-Interaction honeypot
  3. High-Interaction honeypot.

1. Pure honeypot:

This honeypot is connected to the production network of the organization and completely mimics other production systems in the network.

2. Low-interaction honeypot:

As its name implies, a low-interaction honeypot gives hackers limited access. It may just simulate some services and protocols that can appear attractive to hackers, and nothing more than that. After some time, hackers may identify it as a honeypot.

3. High-interaction honeypot:

This is just the opposite of a low-interaction honeypot. Instead of just simulating some protocols and services, it is a real system with real vulnerabilities and services. Although a bit complex to deploy, this honeypot gives hackers major access, which helps in understanding hacker intentions and tactics.
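
The low-interaction honeypot described above, as an added example (not code from the original post): a Python listener that shows a fake service banner and records each visitor's IP address, port and first bytes sent. The names `BANNER`, `handle` and `serve`, the FTP-style greeting and the loopback address are assumptions made for illustration.

```python
import socket
import threading
from datetime import datetime, timezone

# Hypothetical banner: looks like an FTP greeting, but no FTP service exists.
BANNER = b"220 FTP server ready\r\n"

def handle(conn, peer, events, max_bytes=1024, timeout=5.0):
    """Send the fake banner, record the client's first bytes, then hang up."""
    event = {"time": datetime.now(timezone.utc).isoformat(),
             "src_ip": peer[0], "src_port": peer[1], "data": ""}
    try:
        conn.settimeout(timeout)
        conn.sendall(BANNER)
        # Bounded read; the bytes are only stored, never parsed or executed.
        event["data"] = conn.recv(max_bytes).decode("latin-1")
    except OSError:
        pass  # client left early or timed out: keep the partial record
    finally:
        conn.close()
    events.append(event)

def serve(host="127.0.0.1", port=0, max_conns=1):
    """Listen in a background thread; return (bound_port, events, thread)."""
    events = []
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))  # port 0 = any free port, for this demo only
    srv.listen(5)
    bound_port = srv.getsockname()[1]

    def loop():
        with srv:
            for _ in range(max_conns):
                conn, peer = srv.accept()
                handle(conn, peer, events)

    thread = threading.Thread(target=loop, daemon=True)
    thread.start()
    return bound_port, events, thread

if __name__ == "__main__":
    # Constructed demo: a local client stands in for a scanner.
    port, events, thread = serve()
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        c.recv(64)                    # read the fake banner
        c.sendall(b"USER admin\r\n")  # constructed probe input
    thread.join(timeout=5)
    print(events)
```

Because the listener answers with one fixed banner and then closes the connection, a visitor who probes further gets nothing back, which is how such a honeypot ends up being identified after some time.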
