Honeypots

One of the more interesting systems you will encounter is a honeypot. A honeypot may sound like something out of a Winnie the Pooh book, but it is actually a device or system used to attract and trap attackers that are trying to gain access to a system. However, honeypots are far from being just a booby trap; they have also been used as research tools, as decoys, and just to gain information. They are not designed to address any specific security problem.

Because of the way honeypots are positioned, it is safe to assume that any and all interactions with the device are anything but benign in nature.

High vs. Low Interaction

Honeypots are not all created equal. There are two main categories: high- and low-interaction varieties.

Low-interaction honeypots rely on the emulation of services and programs that would be found on a vulnerable system. If attacked, the system detects the activity and throws an error that can be reviewed by an administrator.
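A low-interaction honeypot of the kind described above can be sketched in a few lines of Python. This is an added example, not code from the original page: the FTP-style banner and replies, port 2121, the honeypot.jsonl log file, and all function names are assumptions chosen for illustration.

```python
import json
import socket
import threading
import time

# Constructed banner and canned replies: the service is emulated, nothing real is behind it.
BANNER = b"220 FTP server ready\r\n"
REPLIES = {b"USER": b"331 Password required\r\n",
           b"PASS": b"530 Login incorrect\r\n",
           b"QUIT": b"221 Goodbye\r\n"}
MAX_LINE, MAX_COMMANDS = 512, 20  # bound what one session can make us read and store

def handle_session(conn, peer, events):
    """Emulate the service on one connection and record every interaction."""
    def record(kind, data=b""):
        events.append({"ts": time.time(), "peer": peer, "kind": kind,
                       "data": data.decode("latin-1")})
    record("connect")  # no legitimate client exists, so a bare connect is already an event
    conn.settimeout(10)
    try:
        with conn, conn.makefile("rb") as reader:
            conn.sendall(BANNER)
            for _ in range(MAX_COMMANDS):
                line = reader.readline(MAX_LINE).strip()
                if not line:  # EOF or an empty line ends the session
                    break
                record("command", line)
                verb = line.split(b" ", 1)[0].upper()
                conn.sendall(REPLIES.get(verb, b"500 Unknown command\r\n"))
                if verb == b"QUIT":
                    break
    except OSError:  # timeout or reset by the peer
        record("error")

def _run(conn, peer, logfile):
    events = []
    handle_session(conn, peer, events)
    with open(logfile, "a") as fh:  # JSON lines for the administrator to review
        fh.writelines(json.dumps(e) + "\n" for e in events)

def serve(host="127.0.0.1", port=2121, logfile="honeypot.jsonl"):
    """Accept loop: one thread per connection, each session logged when it ends."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, addr = srv.accept()
            threading.Thread(target=_run, args=(conn, addr[0], logfile), daemon=True).start()

if __name__ == "__main__":
    serve()
```

Every session produces at least a "connect" record, so the log doubles as an alert feed; submitted credentials are stored verbatim for review and never grant access.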

High-interaction honeypots are more complex than low-interaction ones: instead of a single system that looks vulnerable, they form an entire network, typically known as a honeynet. Any activity that happens in this tightly controlled and monitored environment is reported. One other difference in this setup is that in lieu of emulation, real systems with real applications are present.