How To's Tutorials
For every business organization on Internet, viruses, worms, and crackers are but a few security threats. Above all we cannot tell as to when, where and how our data or any other valuable information will be compromised. The only thing we can do to ensure the safety of our data is to take preventive measures. Honeypots are one such preventive software that are employed in a network to study the trail of unauthorized access and at the same time alert the network administrator of a possible intrusion. Actually, it is a trap set to detect attempts at unauthorized use of information system. The attacker always thinks that he is extracting some useful information but in turn a honeypot installed system attracts him away from the critical resources and traps him by following his trail. The value of a Honeypot lies in unauthorized and illicit use of that resource.
The Idea behind honeypot is to set up a ‘decoy’ system that has non-hardened operating system or one that appears to have much vulnerability for easy access to its resources. A Honeypot can detect attacks by capturing polymorphic code, capturing a variety of attacks, working with encrypted data and acquiring signatures. Honeypots are valuable surveillance and network forensic tool but at the same time it can carry risks to a network, and must be handled with care. It requires a considerable amount of network administration and understanding of protocol and security.
Honeypots work in two modes:
Now the question arises how does Honeypots work?
Honey pots are generally based on a real server, real operating system, and with data that appears to be real. One of the main differences is the location of the machine in relation to the actual servers. The most important activity of a honeypot is to capture the data, the ability to log, alert, and capture everything the bad guy is doing. Most honeypot solutions, such as Honeyd or Specter, have their own logging and alerting capabilities. This gathered information can prove to be quiet critical against the attacker.
At the end it would not be wrong to say that honeypots are good resources to track attackers, and its value lies in being attacked. But at the same time due to the listed disadvantages above Honeypots cannot replace any security mechanisms; they can only work to enhance the overall security.
Puppet Server on Centos