One of the best-known information security strategies
The honeypot is one of the best-known and most efficient information security strategies for protecting a given system or application. Much of this comes from working directly on the emotional rather than the rational side of an attacker. The name literally means a pot of honey and, in fact, it works as a strong attraction for anyone who comes across it. In practice, a honeypot attracts an attacker to a certain location, distracting them from reaching the target or even destroying it at that moment.
Using this trap, the goal is to obtain information about who is attacking the system, building a defense mechanism against future attacks. To do this, the honeypot disguises itself as a defenseless file to draw the attack directly to it. In large corporations, the honeypot is generally structured as if it were a database of customers' personal data or even a financial information management system, that is, the most sensitive part of any company. When the attacker is lured and actually arrives at the honeypot, their origin can be traced and the problem solved. Because it is more of an environment than a system that takes direct action, it cannot be configured or customized like a firewall, for example.
Application of honeypots
Because the honeypot is so general-purpose, that is, it can be applied across the most diverse areas of a company's operations to attract an intruder, there is a range of possible applications. The three most common are:
As mentioned, pretending to be a database is one of the main uses of the honeypot, which is then configured for monitoring. Another possible application of the fake database is to actually simulate the original system, making it possible to test the effectiveness of the current safety net. In other words, the honeypot can work not only to lure an attacker, but also to test the system itself against more traditional internet attacks.
Collecting the sources of dangerous email is a more complex but extremely functional application. Here, an e-mail address is created only for subscribing to and receiving automated mailings. If any of the messages it receives is identified as spam, the sender is placed on a list. In practice, this list can serve to block emails received through the official providers, which also reduces the chance of them being opened by someone else who has access.
The so-called spider is a type of honeypot that mainly seeks to find crawlers present on the web. For this, several links and specific pages are created and assembled with the aim of being reached by these crawlers. When one arrives, it is possible to collect its origin and block it immediately.
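The spider honeypot described above, shown as detection logic over a web server access log. This is an added example, not code from the original article: the decoy paths, log lines, client names and function names are constructed for illustration, and it assumes the server writes Combined Log Format.

```python
import re
from collections import defaultdict

# Assumption: constructed decoy paths, linked only from hidden markup and
# disallowed in robots.txt, so ordinary visitors never request them.
TRAP_PATHS = {"/internal/customer-export/", "/backup/finance-2019/"}

# Combined Log Format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<ua>[^"]*)")?'
)

def find_trap_hits(lines, trap_paths=TRAP_PATHS):
    """Return {source_ip: [(timestamp, path, user_agent), ...]} for decoy requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        path = m["path"].split("?", 1)[0]  # drop the query string
        if not path.endswith("/"):
            path += "/"  # treat /x and /x/ as the same decoy page
        if path in trap_paths:
            hits[m["ip"]].append((m["ts"], path, m["ua"] or ""))
    return dict(hits)

def blocklist(hits):
    """Origins that touched a decoy page, sorted for a firewall or WAF deny list."""
    return sorted(hits)

# Constructed sample log lines using documentation address ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2024:10:01:05 +0000] "GET /backup/finance-2019/ HTTP/1.1" 200 88 "-" "examplebot/1.0"',
    '203.0.113.9 - - [12/Mar/2024:10:01:06 +0000] "GET /internal/customer-export?page=2 HTTP/1.1" 200 88 "-" "examplebot/1.0"',
    '192.0.2.44 - - [12/Mar/2024:10:02:00 +0000] "GET /products/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    'garbage line',
]

if __name__ == "__main__":
    found = find_trap_hits(SAMPLE_LOG)
    for ip in blocklist(found):
        print(ip, len(found[ip]), "trap hits")
```

Keeping the timestamp and user agent alongside each origin gives the record needed to justify a block later, not just the address.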
Types of honeypot
In addition to its several direct applications, the honeypot can have different intensities, depending on your needs and, mainly, the size of your database. When contracting a honeypot service, it is important to determine which of these intensities really suits your business. Often, despite being better, the more intense types can put the company in a delicate situation, since it is more exposed on the network. It is therefore important to work with specialized professionals.
At the lowest intensity, the most basic and least demanding tests are carried out, such as the connection test, evaluation of the machine's BIOS, etc. With this type, the company runs very little risk from the implementation, as few systems are involved in putting it into action. By the same token, however, it is also easier for the attacker to realize that they are facing a honeypot and abandon the attack.
The intermediate intensity simulates real systems to avoid direct access to the company's own system, and is easier to implement than the high-intensity type. It is also ideal for those looking for a service with greater performance than the basic implementation plans alone.
The high-intensity type needs to be deployed with caution, as it is installed on real servers, with real data. It is therefore important that the process is carried out by qualified people, to ensure the isolation of your system throughout. In addition, the information collected here is very detailed, describing everything that was found during the tests performed.