A honeypot in cyber security is a network-attached decoy (fake) system deployed by people, organisations and other entities. It is designed to look like a high-value asset, such as a server, so that it can log what users do on it and how they approach the system to hack it or carry out any other activity.
A honeypot can also be designed to look like any digital asset, such as software programs, servers and networks. Its purpose is to pose as a potential target for hackers. This is meant to convince the adversary that they have accessed the actual system and to encourage them to spend time within this controlled environment. All the information collected from honeypots helps companies develop and enhance their cyber security strategy in response to potential real-world threats.
A honeypot can track cybercriminals' actions to give a better understanding of their methods and motivations. Organisations can rely on the information collected by honeypots to develop security protocols that prevent similar attacks in the future. Below are some types of honeypots.
Low-interaction honeypots
These types of honeypots run a limited set of services with restricted permissions; they can be used to track UDP, TCP, ICMP and other protocols/services. In short, low-interaction honeypots only track the user's IP address.
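A low-interaction honeypot reduced to its core, as an added example that is not part of the original article: a TCP listener that offers no service and records only the time, source IP address and port of each connection attempt. The function names, the JSON log layout and port 2222 are assumptions made for this example.

```python
import json
import socket
import threading
from datetime import datetime, timezone


def record_connection(peer, local_port, log):
    """Append one entry describing a connection attempt and return it."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "dst_port": local_port,
        "proto": "tcp",
    }
    log.append(entry)
    return entry


def serve(sock, log, max_conns=None):
    """Accept connections, log the peer address, close immediately.

    No banner is sent and no input is read, so the decoy exposes an open
    port and no service logic.
    """
    local_port = sock.getsockname()[1]
    handled = 0
    while max_conns is None or handled < max_conns:
        conn, peer = sock.accept()
        conn.close()
        print(json.dumps(record_connection(peer, local_port, log)), flush=True)
        handled += 1


def start_decoy(host="127.0.0.1", port=0, max_conns=None):
    """Bind a decoy TCP listener (port 0 = OS picks a free port)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((host, port))
    sock.listen(16)
    log = []
    worker = threading.Thread(target=serve, args=(sock, log, max_conns), daemon=True)
    worker.start()
    return sock, log, worker


if __name__ == "__main__":
    # Constructed demo values: the bind address and port 2222 are arbitrary.
    _, _, worker = start_decoy(host="0.0.0.0", port=2222)
    worker.join()
```

Because no legitimate user has a reason to connect to the decoy port, every JSON line it prints is worth forwarding to whatever alerting the organisation already uses.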
Medium-interaction honeypots
These are based on real-time functioning operating systems. They have the same services as the actual application. The purpose of this honeypot is to collect more information on the attack so the organisation can take extra time when mitigating the attack.
High-interaction honeypots
These types of honeypots are real applications that are vulnerable; they are hard to maintain, but their success rates are high. Attackers normally think the system might be vulnerable, so they will decide to hack it and eventually get blocked. In that case, the organisation will be able to collect some information and understand how the attacker hacked this machine; therefore, they can prevent future attacks.
Pure honeypots
These types of honeypots are deployed in real working environments. Once the attackers see them, they will directly spend time enumerating and exploiting them. The organisation will be alerted and understand how the attackers hack the real system.