11.3 - Honeypots


 

Key Terms: 

    • Honeypot – A physical or virtual network device set up to look like a legitimate network resource to attract a hacker. 
    • Low-level – A honeypot that simulates a limited number of services and applications of a target system. 
    • Honeypot interaction levels – Indicates the amount of interaction that a hacker can have with a honeypot. 
    • Medium-level – A honeypot that simulates a real OS, applications and services. 
    • High-level – A honeypot that simulates all services and applications. It can be completely compromised to give a hacker access to a controlled area. 
    • VMware – Virtualisation software. 
    • User-Mode Linux (UML) – A software program which allows a user to virtually run one or more versions of Linux in one session. 

 

Honeypots 

Honeypots are network devices set up to look like real network resources. They are implemented to attract hackers and can monitor a hacker's activity if the hacker tries to break in. Honeypot environments are designed to safely store and monitor malicious files and code if the hacker chooses to upload rootkits and malware. 

 

Honeypot Types 

    • Physical – These are actual network devices with real IP addresses on the network. 
    • Virtual – These are simulated devices on a network. Virtual honeypots are usually more cost-effective. 

 

Honeypot Placement 

Based on the topology of the network, honeypots can be placed inside or outside the firewall. If placed outside the firewall, there is less risk of accidental breaches into the network. However, if placed inside the firewall, the honeypot will look more realistic and valuable. 

 

Honeypot Interaction Levels 

A low-level honeypot simulates a small number of applications and services on a network. It can't be fully compromised and is generally set up to collect information about attacks. Medium-level honeypots simulate a real OS, applications and services. High-level honeypots simulate all services and applications that can be found on a real device. High-level honeypots look the most realistic; however, they carry the most risk and the highest cost. 
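
A low-level honeypot of the kind described above, as an added example that is not part of the original notes: a Python listener that completes the TCP handshake, presents a constructed SMTP-style banner, and logs what each client sends without ever acting on it. The banner text, the function and class names, and the loopback address are assumptions chosen for illustration.

```python
import json
import socket
import socketserver
import threading
from datetime import datetime, timezone

BANNER = b"220 mail.example.test ESMTP ready\r\n"  # constructed banner (assumption)
MAX_CAPTURE = 1024  # cap on bytes stored per connection
EVENTS = []         # in-memory log; a real deployment would forward these

class LowInteractionHandler(socketserver.BaseRequestHandler):
    """Send a banner, record the client's first input, never act on it."""

    def handle(self):
        self.request.settimeout(3)
        data = b""
        try:
            self.request.sendall(BANNER)
            data = self.request.recv(MAX_CAPTURE)
        except OSError:  # timeout or reset: the connection is still logged
            pass
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": self.client_address[0],
            "src_port": self.client_address[1],
            "dst_port": self.server.server_address[1],
            "payload": data.decode("latin-1"),  # lossless byte-to-text mapping
        }
        EVENTS.append(event)
        print(json.dumps(event))

def start_honeypot(host="127.0.0.1", port=0):
    """Start the listener in a background thread; port 0 picks a free port."""
    server = socketserver.ThreadingTCPServer((host, port), LowInteractionHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(port, payload):
    """Constructed local client: read the banner, send payload, wait for close."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        banner = s.recv(1024)
        s.sendall(payload)
        s.recv(1024)  # returns b"" once the handler has logged and closed
    return banner

if __name__ == "__main__":
    srv = start_honeypot()
    probe(srv.server_address[1], b"EHLO scanner.test\r\n")
```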

 

Tools 

    • KFSensor – An IDS and honeypot simulator. 
    • HoneyBOT – Capable of simulating a wide range of services and applications. 
    • HoneyDrive – A Linux-based honeypot that contains preinstalled and configured services/applications. 

 

Find Honeypots 

To find a honeypot, a hacker may probe the running services for suspicious activity that may indicate a honeypot. Ports that show running services but deny handshake connections may also indicate a honeypot environment. 
