Honeynets & Honeypots
Honeypots
Honeypots are highly flexible tools that come in many forms and contribute to the overall security of a given network. They can be used for anything from detecting new attack methods to capturing the latest techniques and tools of attackers.
Types of Honeypots
There are basically 2 ways to classify honeypots:
1- Based on the purpose of the honeypot (production or research).
2- Based on one of the main characteristics of the honeypot (low or high interactivity).
Production / Research
Production: these honeypots are usually used by commercial organizations to help lessen risks. They add value to the security measures. They tend to be easy to deploy and maintain, and their simplicity keeps the related risks low. Due to their nature and deliberate lack of flexibility, they offer attackers very few opportunities to use them to perform actual attacks.
Research: these honeypots are designed to gather information about attackers. They do not provide any direct value to a specific organization, but are used to collect information about the threats organizations may face, so that better protection methods can be developed and deployed against these threats.
Low / High Interactivity
Interaction defines the level of activity a honeypot allows an attacker.
Low-interactivity honeypots do not implement actual functional services, but provide an emulated environment that can masquerade as a real OS running services to connecting clients.
High-interactivity honeypots, on the other hand, do not emulate anything and give the attacker a real system to interact with, where almost nothing is restricted, which makes them riskier than low-interactivity honeypots. These types of honeypots should be placed behind a firewall to limit the risks.
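The low-interactivity approach described above, as an added example that is not part of the original page: a Python listener that presents an FTP-style banner, answers only from a fixed table of canned replies, and logs every line a client sends without executing anything. The banner text, the reply table, port 2121 and the function names are assumptions made for illustration.

```python
import socket
import time

# Constructed banner and replies: canned text only, no FTP server behind them.
BANNER = b"220 FTP server ready\r\n"
CANNED = {
    "USER": b"331 Password required\r\n",
    "PASS": b"530 Login incorrect\r\n",
    "QUIT": b"221 Goodbye\r\n",
}
MAX_LINE = 256      # bytes read and logged per client line
MAX_COMMANDS = 20   # lines accepted per session


def emulate(line):
    """Map one client line to (verb, text, canned reply); nothing is executed."""
    text = line.decode("latin-1").strip()
    verb = text.split(" ", 1)[0].upper() if text else ""
    return verb, text, CANNED.get(verb, b"500 Unknown command\r\n")


def handle(conn, peer, log):
    """Serve one session: send the banner, log each line, reply from CANNED."""
    conn.settimeout(5)
    with conn, conn.makefile("rb") as reader:
        try:
            conn.sendall(BANNER)
            for _ in range(MAX_COMMANDS):
                line = reader.readline(MAX_LINE)
                if not line:
                    break
                verb, text, reply = emulate(line)
                log.append({"ts": time.time(), "peer": peer, "verb": verb, "raw": text})
                conn.sendall(reply)
                if verb == "QUIT":
                    break
        except OSError:  # timeouts and resets end the session quietly
            pass


def serve(host, port, log):  # hypothetical listener, one session at a time
    with socket.create_server((host, port)) as srv:
        while True:
            conn, addr = srv.accept()
            handle(conn, addr[0], log)
            print(*log, sep="\n"); log.clear()


if __name__ == "__main__":
    serve("127.0.0.1", 2121, [])
```

Every login attempt is refused and every unknown command gets the same 500 reply, so the only thing a client can change is the content of the log.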