Honeypot is a software or computer that simulate a vulnerable system to attract attackers. This is a sweet for hackers or people who wants to play in the illegal side. This kind of “security systems”(from now SS) are used to know attack methods, possible systems failures or solutions to that failures. I mean SS because knowing different patterns, you can shield your infrastructure to prevent this type of attacks.
A honeypot is used to distract an attacker making a system more attractive. For example, is more appealing a computer called “server” than “computer”. Is more attractive a file called “passwords” than “images”. This are two examples of thousands.
A honeypot is then used to monitor the network. When an attacker is trying to crack your system, you have an opportunity to know more about the attacker.
For all of the above, a honeypot is a prevention and detection system.
Kind of honeypots:
Depending of function:
Production: Only capture information.
Research: Capture extensive information and used to research, military, or government organizations.
Depending of interaction with attacker:
Low interaction: Emulate services. Attacker think that is cracking a system but it is a software that is emulating this service.
High interaction: Attacker interact with it totally. All is real
At the beginning this honeypots were in most of the cases too expensive physical machines. At this time a honeypot can be a virtual machine in a virtual network with a virtual ip 🙂
I will test this kind of software to post comments in future.