Honeypots give crooks a taste of their own medicine

Anton P. | June 26, 2020

Honeypot is a high-risk, high-reward type of situation. Dedicated specialists design a vulnerable system and place it on a silver platter for hackers. The system features significant flaws and appears to be participating in the legitimate traffic from one’s network. However, this impression is faulty as the poorly-constructed device or system is a trap for crooks. The honeypot is one of the oldest techniques in IT, and it depends on the hackers’ lack of restraint after detecting a vulnerable device or system.

How is honeypot the bait for cybercriminals?

Honeypot (computing) is a fitting name for this endeavor. Security specialists allure hackers with an idealistic scenario of an exploitable system or device. So, the honeypot refers to the object or the bait that experts place on the hook. Hackers will assume that the vulnerable system is a part of the legitimate infrastructure. In reality, IT pros usually separate and isolate the decoy to prevent any negative impact on the actual foundation. But why do specialists go through all this trouble?

The objective of a honeypot is to detect and thoroughly analyze incoming cyberattacks in real-time. When integrating a flawed device, specialists make all the necessary preparations to monitor how events unfold. Additionally, experts might extract valuable information on hackers: their IP addresses, data used, attack type, etc. So, such baiting can be an addition to the company’s penetration testing plan. However, not all honeypots are the same: they can simulate different flaws, have distinct structures and objectives.

Types of honeypots

First of all, let’s discuss the broader types of honeypots: research and production. The research ones are all about finding out how hackers perform their attacks. Hence, they usually belong to devoted security researchers, academics, or government agencies diving deep to examine the current threat landscape.

On the other end, we have production honeypots, usually used by enterprises. They deploy flawed objects as bait to gain insights into the way their infrastructure works. Companies tend to isolate such devices from their real systems to guarantee that hackers won’t infiltrate them. However, there are more specific types as well:

  • Pure honeypot. It is the most believable bait as experts do not separate it from the rest of the network. Since the vulnerable object belongs to the main infrastructure, it is the riskiest type. Close monitoring is a necessity for surveilling and controlling access. Hence, while highly-rewarding, it can have potentially severe repercussions on the entire system.
  • Low-interaction honeypot. This type of provocation relies on a virtual machine posing as a legitimate entity. Typically, the honeypot impersonates the most common attack vector. Thus, it is easier to maintain, monitor, and protect from any lasting negative effects. However, experienced attackers can recognize it as fake and abort their mission before experts get any insightful results.
  • High-interaction honeypot. Experts isolate such traps from the rest of the network. A single device can operate several virtual machines to mimic intense interactions and traffic. In such cases, experts can easily mitigate incoming attacks and prevent them from reaching the real infrastructure.

Possible dangers and repercussions

As expected, honeypots tend to attract more hackers to a specific system. However, to guarantee that a vulnerable entity won’t compromise the entire company, experts must follow certain regulations. So, besides attempting to test your network, consider that the baiting can turn against you.

  • Have a proper Intrusion Detection System (IDS). This software is a necessity for all enterprises and organizations. You need to monitor and detect everything to guarantee that no malicious or intrusive activity takes place.
  • Properly configure honeypots. A poorly set decoy might serve as the gate to objects in the network with more valuable resources.
  • The bait only monitors activity directed to it. Even if the coast is clear in terms of the trap, never neglect the legitimate system components. Always apply the industry-standard solutions to guarantee that all devices and systems are immune to hacks. For instance, attackers can recognize that a vulnerable device is a ruse. Then, they can launch a series of malicious acts as a distraction.
  • Do not forget the basic security tools. Every company needs to protect its assets, employees, and customers. This responsibility includes getting a VPN, an anti-malware program, firewalls, PKI and others.
Anton P.

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.


penetration testing

© 2023 Atlas VPN. All rights reserved.