A Honeypot is an intelligent anti-hacking computer program that protects sensitive data from being stolen by hackers.
If the use of computers and internet is increasingly on the rise, so are the threats and dangers that come as a part of this technological advancement. With more and more information being shared on the internet by multi-million dollar corporations or governments throughout the world, hackers can have a field day without the correct security systems in place to protect such sensitive data. Honeypot is exactly one such software program that helps an organization or an individual to safeguard their information from going into the wrong hands.
If a Honeypot had to be explained metaphorically, then perhaps the instance of a policeman baiting a criminal and keeping tabs on him, would be the most suitable example in this matter. However, in the virtual world, this principle works a bit differently. A Honeypot is basically a computer program that is designed to detect, deflect, or counteract any attempt made at using the protected information without authority. In other words, a Honeypot program either learns that a hacker is trying to steal some information from a system, or puts the hacker off from doing so. Honeypot is named so because it is designed to be a trap. It lures in hackers with its honey, i.e. the information provided, and traps them in the pot, i.e. the program itself. Usually, a Honeypot appears to be part of a network, but in reality, it operates in isolation and is monitored. Following are the different types of Honeypots in operation currently:
Depending upon their deployment and the level of involvement in a system, Honeypots are classified as:
Production Honeypots: As the name suggests, these Honeypots are placed within the production network or the servers of an organization. These are usually low in interaction and do not provide much information to the hackers. The main reason of their existence is to improve the state of security within a production network.
Research Honeypots: These are the typical Honeypots that lure in hackers with a large amount of information, and try to learn their hacking patterns and activities. These kinds of programs usually add little or no value to an organization, which is probably why these are run in isolation. Unlike Production Honeypots, Research Honeypots are never placed within a network. They are better than their production counterpart at handling threat. This is the reason why Research Honeypots are primarily deployed by research, military or government organizations.
Apart from their deployment, there are also different types of Honeypots which are based on their design:
Pure Honeypots: Pure Honeypots work through a tap that is installed on its link to the organization network. Once a Pure Honeypot is in place, no other protection system needs to be installed, as the activities of an attacker are duly tracked and regulated by this program. Having said that, options of a more controlled mechanism than a Pure Honeypot are also available to a user, to maintain the secrecy of defense measures against hackers.
High-interaction Honeypots: These Honeypots are a hacker’s nightmare. High-interaction Honeypots provide a world of information to the hackers, so that they get stalled and waste their time on it. Meanwhile, the Honeypot is up to its usual functions of learning all about the hacker and shutting him down slowly and secretively. By enabling virtual machines in an organization, multiple Honeypots of these kinds can be employed on a single machine. This way, even if a Honeypot fails or crashes, the other one is ready to take its place and keep the hacker busy, who would never even know about the replacement! A network of multiple Honeypots is known as a Honeynet.
Low-interaction Honeypots: Honeypot systems of this kind are usually required for specific services, which the hackers frequently engage in. Other than that, they don’t provide much value to an organization. Their installation is relatively cheap as compared to the High-interaction Honeypots, and they can be easily hosted on one physical system. Moreover, they involve limited coding, reduced response time and are less complex as well. A good example in this reference would be Honeyd, the open source Honeypot program.
Besides these types of Honeypots, there are also other versions of Honeypots such as the Email traps, the spam versions, or the database Honeypot. However, the basic functions of all these Honeypots remain the same, which is to distract and detect a hacker’s malicious activities.
Therefore, the above was a brief account on Honeypot and the different types of it.