Thursday, January 29, 2015

Honeypots and Honeynets: Useful for Protecting Computers and Computer Networks from Being Hacked

A honeypot in information technology is as sweet as its name. I heard a story about the natural tendency toward greed. It is said that to trap a monkey, people used to take an earthen pot and put some chickpeas (chana) into it. The monkey approaches the pot and puts its hand inside to pick up the chickpeas. Its hand is now full of the chickpeas it wants to eat, but with the hand closed into a fist it cannot pull it back out of the pot. Now it is trapped, and people catch it.

Likewise, to nab hackers and computer intruders, information security practitioners developed honeypots. A honeypot is a trap set to lure attackers, detect and record their malicious activity, and generate alerts. The attackers' activity provides valuable information for analyzing their techniques and methods. Because honeypots only capture and archive the data and requests coming in to them, they do not add extra burden to existing network bandwidth.

A honeypot may be a standalone machine or a network of computers; a network of honeypot computers is called a honeynet. The honeypot or honeynet is isolated from the organization's actual network and is monitored to collect all of the attacker's activity. A honeypot can be called a modern-day detective.

A honeypot monitors and gathers all the activities of computer attackers, e.g. how hackers probe, how they gain access to the computer system, and their attack methodologies. Honeypots are useful not only in cyber security research, where they make new attack approaches and methodologies available to research teams, but also to forensics departments.

Let us understand this with an example: traffic on a specific port, say 110, can be directed to a web server as normal traffic, while the rest of the web server's traffic is directed to a honeypot to gather information. If the honeypot is deployed properly, the computer hacker will have no clue that he is being trapped.

Honeypots can be divided into two categories:
  1. Low Interaction Honeypots or Production Honeypots
  2. High Interaction Honeypots

1. Low Interaction or Production Honeypots are normally used by small companies and are easy to deploy. These honeypots provide basic information about cyber security threats.

2. High Interaction Honeypots are complex and are used for research purposes.
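
To make the low-interaction idea concrete, here is an added example (not code from the original post) of a listener that offers no real service and only captures, archives and flags whatever connects to it. The names `capture`, `is_alert` and `serve`, the decoy banner, port 2110 and the log file name are all assumptions chosen for illustration.

```python
import json
import socket
from datetime import datetime, timezone

BANNER = b"+OK ready\r\n"   # constructed decoy greeting (assumption)
MAX_BYTES = 1024            # cap on captured payload per connection


def capture(conn, src_ip, src_port, dst_port, timeout=2.0):
    """Greet the peer, read its first payload, return it as an event dict."""
    data = b""
    with conn:
        conn.settimeout(timeout)
        try:
            conn.sendall(BANNER)
            data = conn.recv(MAX_BYTES)
        except OSError:
            pass  # timeouts and resets: a silent probe is still recorded
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": src_ip,
        "src_port": src_port,
        "dst_port": dst_port,
        "payload": data.decode("latin-1"),  # lossless for arbitrary bytes
    }


def is_alert(event, allowlist=()):
    """No legitimate user talks to a honeypot, so any other source is an alert."""
    return event["src_ip"] not in allowlist


def serve(host="0.0.0.0", port=2110, log_path="honeypot.jsonl"):
    """Accept one connection at a time, archiving each event as a JSON line."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(16)
        while True:
            conn, (src_ip, src_port) = srv.accept()
            event = capture(conn, src_ip, src_port, port)
            event["alert"] = is_alert(event)
            with open(log_path, "a", encoding="utf-8") as fh:
                fh.write(json.dumps(event) + "\n")


if __name__ == "__main__":
    serve()
```

The allowlist is for the organization's own scanners or monitoring hosts; every other line in the log is a connection that had no business reason to exist.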
