
the honeypot system itself [5].

Fig 6.3: High-interaction honeypot. A high-interaction honeypot has great risk, as the attacker can compromise the system and use all its resources.

Value of honeypots
Now that we have an understanding of the two general categories of honeypots, we can focus on their value, specifically how we can use honeypots. Once again, we have two general categories: honeypots can be used for production purposes or for research. When used for production purposes, honeypots protect an organization. This includes preventing, detecting, or helping organizations respond to an attack. When used for research purposes, honeypots are used to collect information. This information has different value to different organizations. Some may want to study trends in attacker activity, while others are interested in early warning and prediction, or law enforcement. In general, low-interaction honeypots are often used for production purposes, while high-interaction honeypots are used for research purposes. However, either type of honeypot can be used for either purpose. When used for production purposes, honeypots can protect organizations in one of three ways: prevention, detection, and response [6].

Honeynets

So far, only simple honeypots have been considered. These honeypots run on a single machine. To make honeypots look more like production systems, people have begun to set up complex systems consisting of multiple honeypots, IDS and firewalling components. Such complex setups are referred to as honeynets. Honeynets allow the simulation of realistic production environments at the cost of considerable administrative and technical effort. Log files from honeynets, for example, are much harder to interpret than the output of a single honeypot. Extraordinary scenarios can occur in which various components are attacked, associated and misused in parallel by completely different third parties. Since honeynets can be categorized as high to very high involvement, the risk one takes is significantly higher than the risk of a single honeypot.
But the possibilities and methods they provide are far more advanced, and there are several ways to minimize the risks, for instance by using traffic-limiting firewall components in the setup [1].

6.5 Honeypot Deployment Strategies

To maximize the strengths of honeypots and minimize the risks involved, deployment should be carefully planned. The following is a set of common honeypot deployment strategies:

Install honeypots alongside regular production servers. The honeypot will likely need to mirror some real data and services from the production servers in order to attract attackers. The security of the honeypot can be loosened slightly so as to increase its chance of being compromised. The honeypot can then collect attack-related information. However, if a successful attack takes place on the honeypot within the network, that compromised honeypot machine might be used to scan for other potential targets in the network. This is the main drawback of installing honeypots within the production system. In other honeypot deployment methods, (some of which are
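
The drawback described above, a compromised honeypot being used to scan for other targets in the production network, can be monitored for. The following is an added example, not part of the original text: it flags every connection a honeypot originates toward production hosts and raises a scan alert when the distinct targets in a short window reach a threshold. The addresses, log format, window and threshold are constructed assumptions, as is the premise that a honeypot has no legitimate reason to initiate internal connections.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed values for illustration; none of these come from the text.
HONEYPOTS = {ipaddress.ip_address("10.0.5.50")}
PRODUCTION_NET = ipaddress.ip_network("10.0.5.0/24")
WINDOW = timedelta(seconds=60)
SCAN_THRESHOLD = 5  # distinct (host, port) targets within WINDOW

# Constructed sample flow records: "timestamp src dst dport"
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.7 10.0.5.50 22
2024-01-01T10:02:10 10.0.5.20 10.0.5.10 443
2024-01-01T10:05:00 10.0.5.50 10.0.5.10 445
2024-01-01T10:05:01 10.0.5.50 10.0.5.11 445
2024-01-01T10:05:02 10.0.5.50 10.0.5.12 445
2024-01-01T10:05:03 10.0.5.50 10.0.5.13 445
2024-01-01T10:05:04 10.0.5.50 10.0.5.14 445
"""

def parse(log):
    """Yield (time, src, dst, port) tuples, skipping lines without four fields."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        yield (datetime.fromisoformat(ts), ipaddress.ip_address(src),
               ipaddress.ip_address(dst), int(port))

def detect_pivot(log):
    """Return (outbound, alerts) for honeypot-originated traffic to production."""
    outbound, alerts, alerted = [], [], set()
    recent = defaultdict(list)  # honeypot -> [(time, (dst, port)), ...]
    for ts, src, dst, port in parse(log):
        if src not in HONEYPOTS or dst not in PRODUCTION_NET:
            continue  # inbound attacks and ordinary production traffic
        outbound.append((ts, src, dst, port))
        # Keep only this honeypot's connections inside the sliding window.
        recent[src] = [(t, k) for t, k in recent[src] if ts - t <= WINDOW]
        recent[src].append((ts, (dst, port)))
        distinct = {k for _, k in recent[src]}
        if len(distinct) >= SCAN_THRESHOLD and src not in alerted:
            alerted.add(src)  # one scan alert per honeypot
            alerts.append((ts, src, len(distinct)))
    return outbound, alerts

if __name__ == "__main__":
    print(detect_pivot(SAMPLE_LOG)[1])
```
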
