Friday, December 5, 2008

Honeypots

If you are keen on studying cyber crime, hacking and the like, you have probably heard the word honeypot. What is meant by a honeypot? We are going to explain it here. In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. It can be defined as an information system resource whose value lies in unauthorized or illicit use of that resource.

Generally it consists of a computer, data, or a network site that appears to be part of a network but which is actually isolated, unprotected in a broad sense, and monitored, and which seems to contain information or a resource that would be of value to attackers.

A honeypot is valuable as a surveillance and early-warning tool. While it is often a computer, a honeypot can take on other forms, such as files or data records, or even unused IP address space. Honeypots should have no production value and hence should not see any legitimate traffic or activity. Whatever they capture can then be surmised as malicious or unauthorized.
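Because a honeypot should see no legitimate traffic, the detection rule is simple: any source that touches it is suspect, and its other activity deserves a second look. The sketch below is an added example, not code from the original post; the address ranges, flow records and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed values: documentation address ranges, not real deployments.
HONEYPOT_NETS = [
    ipaddress.ip_network("192.0.2.128/25"),    # unused IP address space
    ipaddress.ip_network("198.51.100.77/32"),  # a single decoy host
]

# Constructed flow records: (timestamp, source IP, destination IP, destination port)
FLOWS = [
    ("2008-12-05T10:00:01", "203.0.113.9", "192.0.2.10", 80),
    ("2008-12-05T10:00:04", "203.0.113.50", "192.0.2.200", 445),
    ("2008-12-05T10:00:05", "203.0.113.50", "192.0.2.201", 445),
    ("2008-12-05T10:00:09", "203.0.113.50", "192.0.2.10", 445),
    ("2008-12-05T10:01:30", "203.0.113.77", "198.51.100.77", 22),
    ("not-a-flow", "bad-ip", "192.0.2.200", 0),  # malformed record
]

def is_honeypot(addr):
    """True if the address belongs to a honeypot or unused range."""
    return any(addr in net for net in HONEYPOT_NETS)

def triage(flows):
    """Map each source that touched a honeypot to its honeypot hits and
    to whatever it also sent toward production addresses."""
    parsed = []
    for ts, src, dst, port in flows:
        try:
            parsed.append((ts, ipaddress.ip_address(src),
                           ipaddress.ip_address(dst), port))
        except ValueError:
            continue  # skip records whose addresses do not parse
    # No legitimate traffic is expected, so one hit is enough to flag a source.
    flagged = {src for _, src, dst, _ in parsed if is_honeypot(dst)}
    report = defaultdict(lambda: {"honeypot_hits": [], "production_hits": []})
    for ts, src, dst, port in parsed:
        if src in flagged:
            key = "honeypot_hits" if is_honeypot(dst) else "production_hits"
            report[str(src)][key].append((ts, str(dst), port))
    return dict(report)

if __name__ == "__main__":
    for src, hits in triage(FLOWS).items():
        print(src, "honeypot hits:", len(hits["honeypot_hits"]),
              "production hits:", len(hits["production_hits"]))
```

The production hits listed for a flagged source are the early warning: they show which real hosts that source also contacted.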

The advantages of honeypots are as follows. They collect small amounts of information, which means that it is much easier and cheaper to analyze the data a honeypot collects and derive value from it. They use minimal resources. Honeypots can collect in-depth information that few other technologies can match. They are designed to capture anything thrown at them, including tools or tactics never seen before. Simplicity is another advantage of honeypots.

Honeypots have disadvantages too. The most important one is the risk factor: if they are not properly walled off, an attacker can use them to break into a network system.

Honeypots come in many shapes and sizes. They can be classified as:
1. Production Honeypots
2. Research Honeypots

Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations. An organization places them inside the production network, alongside other production servers, to improve its overall state of security.

Research honeypots are run by a volunteer, non-profit research organization or an educational institution to gather information about the motives and tactics of the hackers targeting different networks. These honeypots do not add direct value to a specific organization. Instead they are used to research the threats organizations face, and to learn how to better protect against those threats.
