The honeypot calls to mind the Trojan Horse, a concept first put to use in Greek mythology: an open gift that is part of a game plan. Cybersecurity experts arrived at the idea because of the recurring incidence of cyberattacks. Why wait for attackers to strike first? Why not attract them with a decoy, study their patterns and means of attack, and then adequately defend our systems against such attacks? In cybersecurity, a honeypot is a decoy put in place to monitor malicious activities, patterns and attacks in order to catch the culprit. In other words, a honeypot is a trap set by cyber defenders to catch cyber offenders.
The honeypot presents itself as a target and attracts malicious attacks. It is usually a server, or whatever brilliant setup the security admin comes up with. It gathers information about attackers, their attack patterns and their attempts to access the honey, and reports it to the defenders.
A honeypot system is a specially reinforced security system: it runs on a hardened operating system, with extra caution taken to ensure it is not too open to threats. Honeypots are usually coded to appear vulnerable to attackers. The major aim of a honeypot is to learn the weaknesses in the system's security and how to adjust. Honeypots can be considered one of the oldest security measures in the cybersecurity discipline.
How does a honeypot work?
A honeypot is a system, meaning it consists of a computer, applications and data that imitate the behavior of a real system. It is usually made very attractive to hackers and attackers, because it looks like it contains a lot of juicy information. It appears to be part of a network but is actually isolated and closely monitored. All attempts to communicate with a honeypot are reported as malicious, since it is isolated and nothing is expected to interact or communicate with it.
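As an added illustration (not code from the original article or from any project listed here), a minimal decoy listener in Python shows the rule that every contact is itself the alert: it presents a service banner, runs no real service, and records who connected and the first bytes they sent. The SMTP-style banner, the host names and the alert field names are assumptions, and `demo()` drives it with a constructed loopback connection.

```python
import json
import socket
import threading
import time

BANNER = b"220 mail.example.test ESMTP\r\n"  # assumed decoy banner, not a real host

def serve_decoy(listener, alerts, max_conns=1):
    """Accept connections on a bound listener; every contact becomes an alert."""
    for _ in range(max_conns):
        conn, (ip, port) = listener.accept()
        first = b""
        with conn:
            conn.settimeout(2.0)
            try:
                conn.sendall(BANNER)      # look like a service, run none
                first = conn.recv(256)    # keep only the first bytes sent
            except OSError:
                pass                      # silent or reset peers are still logged
        alerts.append({
            "ts": time.time(),
            "src_ip": ip,
            "src_port": port,
            "dst_port": listener.getsockname()[1],
            "first_bytes": first.decode("latin-1"),
            # Nothing legitimate is expected to talk to an isolated decoy.
            "verdict": "malicious",
        })

def demo():
    """Constructed run: bind to loopback, connect once, return the alerts."""
    alerts = []
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # ephemeral port, loopback only
    listener.listen(5)
    worker = threading.Thread(target=serve_decoy, args=(listener, alerts))
    worker.start()
    with socket.create_connection(listener.getsockname(), timeout=2) as c:
        c.recv(256)                               # read the decoy banner
        c.sendall(b"EHLO probe.example.test\r\n")  # constructed sample input
    worker.join(timeout=5)
    listener.close()
    return alerts

if __name__ == "__main__":
    for alert in demo():
        print(json.dumps(alert))
```

In a real deployment the alert list would be replaced by whatever log pipeline or SIEM the defenders already monitor.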
What are the different types of honeypots?
There are different types of honeypots; they can be categorized by the way they are built and by the purpose they serve in your organization.
Based on the way they are built, there are three different kinds of honeypots:
- Low-interaction honeypot: The easiest to construct; it is less risky and easier to maintain, but it might look "really fake" to a hacker. It does not point malicious users to the root system. Mostly used to detect attacks from bots and malware.
- High-interaction honeypot: This uses virtual machines to ensure that potentially compromised systems are isolated.
- Pure honeypot: Appears most realistic to an attacker. It pinpoints attacks to the network link. It is very time-consuming and difficult to build and manage, but it is a very authentic target.
Based on their purpose, honeypots can be classified into:
- Research honeypot: This is meant to uniquely search for stolen data and to identify and discover how attackers develop and process their attacks.
- Production honeypot: This is a decoy meant to take the focus off the main production. It is designed to look like part of the production but contains information to attract attackers.
Honeypot Projects
- Canary Tokens: Canarytokens is a free tool that helps you discover you've been breached by having attackers announce themselves. The tokens allow you to implant traps around your network and notify you as soon as they are triggered.
- Snare: SNARE, a web application honeypot sensor, is the successor of Glastopf. SNARE has feature parity with Glastopf and allows you to convert existing web pages into attack surfaces.
- Google Hack Honeypot (GHH): GHH is designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources. GHH implements honeypot theory to provide additional security to your web presence.
- Wordpot: Wordpot is a WordPress honeypot which detects probes for plugins, themes, timthumb and other common files used to fingerprint a WordPress installation.
- Honeymysql: Honeymysql is a simple MySQL honeypot project. The project started with a reference to MysqlPot, which is a MySQL honeypot written in C#.
- Mailoney: Mailoney is an SMTP honeypot written in the Python programming language. There are various modules or types that provide custom modes to fit diverse needs.
- HoneyThing: HoneyThing is a honeypot for the Internet of Things. It's designed to act as a modem/router that has a RomPager embedded web server and supports the TR-069 (CWMP) protocol.