Many computer/IT students would have come across this word at least once during their college life. Thankfully, it is not as complex as routers or IP addresses to understand. Well, the concept of Honeypot is quite old, but is still effective, and many companies still use it to secure themselves from various attacks. Honeypots basically is nothing but a trap, a system meant to lure attackers and keep the original network safe and secure.
What is Honeypot?
Honeypot is nothing but a machine to lure attackers to attack it and leave the real system safe from them. So in this way, we set a trap for the attacker, making him believe that he’s indeed attacking the real systems and not a fake one. Honeypots can be loaded with various fake data and servers to make it more believable for the attacker. Seeing the false data might increase his confidence, making him think he has actually compromised the network’s security and will leave the real system aside. Honeypots is still in use by various companies for different purposes.
Honeypot Rough Architecture
Why use Honeypot?
A honeypot can be used for more than one purpose. Its upto the company to decide what it wants a honeypot to do. Generally small-scale industries install honeypot just to secure their network and distract the attacker from the original network.
Whereas some companies set up a honeypot to learn about the attacker and catch him in the act, and take the proper legal actions against the attacker.
Few companies use it to learn the techniques hackers use, and take proper counter steps to secure their network security. This is also the best way to know which methods the hackers are using and learn to protect their networks from those methods. In this method special care should be taken so that the attacker has no clue that he’s being monitored and hence uses his real tools and methods.
Sometimes companies also use it as diversionary playground for the attackers, so everyone’s happy; the attacker thinking he has hacked into a networks, and the employees because no harm was done to the real systems.
Problems while setting up Honeypot:
There are only couple of problems that a network or security engineer might face during setting up a honeypot.
- Monitoring the attack surreptitiously. A little clue to the attacker, and he will get out of the system immediately, thus making honeypot useless.
- Setting up false data and environment. Creating a whole fake environment, and making it believable is quite difficult. If the attacker identifies the false data, he/she will immediately know this is a trap and leave.