A honeypot is basically a trap for attackers who are trying to attack a computer, server, computer network or other device. The attacker, whether a person or a program, tries to find the weakest point of the system and then attack it. The honeypot tactic makes use of exactly this behavior to defend the system. The honeypot, which looks like the weakest link, tries to attract the attacker’s attention or to record his or her activity along with the attack method, for example.
What is the use of honeypots?
One of the key uses of honeypots is to lure the attacker in a different direction, either to divert his or her attention or to gain time to secure the primary resource. The second key use is to analyze the behavior of attackers, whether they are people or machines (e.g. malware). Security is like a constant tug-of-war, with the capabilities and tactics of attackers on one side and the defensive abilities of the defenders on the other. Attackers continuously change their tactics and strategies while trying to keep them from being disclosed. Thus, it is a good idea to use traps (honeypots) to analyze the attackers’ behavior on a harmless target and to be able to adapt the protection for the future. Typically, honeypots are used to detect a variety of malware and to analyze its behavior.
What does a honeypot look like? What is it exactly?
In the field of information security, a honeypot is most often a program (software), an entire device (such as a server or an active network component) or a service.
- Passive honeypots are devices, programs, or services that pretend to be a vulnerable server.
- Active honeypots search the network or computers and interact with them in some way. The honeypot can simulate a web browser, an e-mail client, a router or various application services.
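A passive honeypot of the kind described in the first item can be very small. The sketch below is an added example, not code from the original article: it presents a decoy service banner, records what each client sends, and writes one JSON line per connection. The banner text, port 2121, the log file name and the function names are assumptions chosen for the example.

```python
import json
import socket
import time

# Constructed decoy values, chosen for this example only.
BANNER = b"220 files.example.internal FTP server ready\r\n"
MAX_BYTES = 4096        # cap on stored client input per connection
SESSION_SECONDS = 5.0   # total time one client may hold the listener


def handle_client(conn, peer):
    """Send the decoy banner, capture what the client sends, return a log record."""
    data = b""
    deadline = time.monotonic() + SESSION_SECONDS
    try:
        conn.sendall(BANNER)
        while len(data) < MAX_BYTES and time.monotonic() < deadline:
            conn.settimeout(max(0.1, deadline - time.monotonic()))
            chunk = conn.recv(MAX_BYTES - len(data))
            if not chunk:          # client closed its side
                break
            data += chunk
    except OSError:                # timeout or reset: keep what was captured
        pass
    finally:
        conn.close()
    return {
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(data),
        # latin-1 maps every byte to one character; json.dumps then escapes
        # control and non-ASCII characters, so input cannot forge log lines.
        "payload": data.decode("latin-1"),
    }


def serve(host="127.0.0.1", port=2121, log_path="honeypot.jsonl"):
    """Accept clients one at a time and append one JSON line per connection."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            record = handle_client(conn, peer)
            with open(log_path, "a", encoding="utf-8") as fh:
                fh.write(json.dumps(record) + "\n")


if __name__ == "__main__":
    serve()
```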