Honeypot's

How Honeypots can help in Network Security

174H.jpg

We are living in the world of computers. And when we talk of computers, automatically the word 'internet' comes in mind. As the internet is evolving day by day, computer networks are also becoming bigger and bigger. So it is very important to talk about security in such big mesh of networks. Here the term 'security' is not related to network security only but it is also related to computer security also. Many big enterprises or organizations are dealing with the task of making their network secure to make their valuable information safe and sound. There are many attackers and hackers which are present in the network that is always ready to steal important information in an unauthorized way. From software, movies, books, games anything can be breached by the hackers. Installation of IDS (Intrusion Detection System) or analyzing computer logs is not enough to detect malicious activities. The one and only solution is to deploy honeypots.

Honeypots is like a trap which is set to detect, deflect the malicious activities or unauthorized use of information systems.

Have a look on the types of honeypots:

Honeypots are of two types: Low-interaction and high- interaction.

The main difference between these two lies in their complexity and the interaction which they offer to an attacker. The low -interaction honeypots give attackers less control and they don't involve real production systems while the other one which is high- interaction involves real OS and applications.

 Let's know how honeypots help in securing the network.

Intrusion detection is not an easy task but honeypots makes this task quite simple.

What actually honeypots do is they just make fool of attackers. The attackers start doing their malicious activities by thinking that it is a legitimate system. And as the attacker start doing unauthorized activities to the honeypots, the attack related information such as IP address of attacker's system is captured. This is how a honeypot, which is simply a computer system on the internet, attracts and trap attackers and helps in avoiding any malicious activities. However, setting up of a honeypots needs considerable attention, so there are some points which should be kept in mind while installing honeypots.

Points which one should consider while setting up a honeypot:

  • While setting up of honeypots, install the operating system without patches installed and make use of typical defaults and options.
  • There should not be any important data on the computer system which is used as a honeypot.
  • Last but not the least point which is very important to consider is add the application that is designed to record the activities of the invader.

What on earth are Botnet's & Honeypot's?

picjumbo.com_HNCK4530.jpg

Have you ever heard these two terms “Botnet & Honeypot”! These are related with your computer network. Let’s have some discussion about these terms and find out what they are and how one can infect the computer network and other can protect the system from malware attacks. Botnet: Most of the home computer users are unaware of the Botnet and its consequences. Botnets are the large networks of computers which have been infected with viruses by hackers or attackers. Due to this, all the computers grouped together in a network and allow hacker to use these computers to sent fake or junk mails, or to spread viruses to generate bigger botnetworks as well as can carry out a Daniel Of Service Attack on a website or server that can cause crash issue. A computer affected by botnet attack performs automated tasks over the internet without your knowledge. One of the bad things is that, it is tough to track the guys who have created them in first place. Attackers can use this kind of malware either to trash your data or want some ransom. They can crash your entire web server until you pay the ransom. Botnets network can range from 50 machines to thousands of computers. For huge damage, there is no need of huge hacker networks as a botnet of 400-500 computers is enough to affect a corporate website with a DOS attack.

So how we can protect our computer network or server from botnets? Answer of this is “Honeypot”.

Honeypot: It is a system which is used to detect, deflect and control attempts at unauthorized use of information systems. Honeypot includes a computer, data and network site which seems like a part of network but in fact it is isolated and monitored to gather the information and resource of value to attackers. Honeypot is used to create potential loopholes for attackers that help to identify such devices and avoid getting caught. Two or more honeypots on a network create a honeynet which is used to monitor a large diverse network that is tough to handle by single honeypot. Both honeypot and honeynet are generally implemented by larger network intrusion detection systems.

Honeypot Types: 1. Malware Honeypot 2. Spam Version 3. Email Trap 4. Database Honeypot

In order to track botnets, honeypot is used. How it can track botnet? - A bundle of unpatched computers are connected to the net and then it is analyzed and monitored that how hacker goes about compromising these systems and build their bot networks. By collecting such information, it can be used to create better security tools to protect against botnets.