In the wake of the advanced and almost impossible to prevent cyber attacks that have victimized literally millions of people and posed serious cybersecurity questions that needed to be answered, some of the measures taken have finally given some relief to the general public and large businesses and organizations alike. Two of the most used systems or technologies used for ensuring the safety of your network and computer system are Intrusion Detection System and Honeypots. While these two can be used interchangeably, they usually fill the gaps and loopholes left in the protective cycle by one another. We’ll be talking about Honeypots and the types of it used in the process.
Honeypot is a mechanism used for finding hackers before they can find and attack you. It’s a system that uses active defense since the security measures used to prevent hackers from accessing your devices have not been as successful they were supposed to be. It has two major types based on the design; Low Interactive Honeypot and High Interactive Honeypot.
These names are derived from their functionality and at what extent they engage the hackers:
Low Interactive Honeypot – This type has a low level of interaction with the system and engages hackers only on the applications that are most likely to get attacked, which also ensures in case the operation goes wrong, the impact of the attack on the network and system is minimized.
But what makes it effective is that it has the ability to identify the malware and viruses among the data traffic it is receiving. Due to the low interaction capability, it terminates all the connections when it runs out of limit and functionality making it clear to hackers that they were engaging with a honeypot and not a real system. It is also called Honeyd.
High Interactive Honeypot – In this type, high risk is taken because all the vulnerable services and software are made available to the hackers to attract their attention. Since it uses the genuine parts of the system and doesn’t fake any of the functionality, it is able to provide real-time data and store information about every move of the attackers. The motive behind allowing services to them is to waste their time while operators can watch and observe their moves to get a clear idea of what they really want. A Honeynet consists of these High Interaction Honeypots.
Research Honeypots – These are used solely for the research purpose and don’t have any use in any other organization other than the ones especially formed for these kinds of research.
Download Types of Honeypots – Low Interaction Honeypot and High Interaction Honeypot in pdf – Click here