Types
Honeypots can be classified based on their deployment and based on their level of involvement. Based on deployment, honeypots may be classified as:
- production honeypots
- research honeypots
Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations; Production honeypots are placed inside the production network with other production servers by an organization to improve their overall state of security. Normally, production honeypots are low-interaction honeypots, which are easier to deploy. They give less information about the attacks or attackers than research honeypots do.
Research honeypots are run to gather information about the motives and tactics of the Blackhat community targeting different networks. These honeypots do not add direct value to a specific organization; instead, they are used to research the threats organizations face and to learn how to better protect against those threats. Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.
Based on design criteria, honeypots can be classified as
- pure honeypots
- high-interaction honeypots
- low-interaction honeypots
Pure honeypots are full-fledged production systems. The activities of the attacker are monitored using a casual tap that has been installed on the honeypot's link to the network. No other software needs to be installed. Even though a pure honeypot is useful, stealthiness of the defense mechanisms can be ensured by a more controlled mechanism.
High-interaction honeypots imitate the activities of the real systems that host a variety of services and, therefore, an attacker may be allowed a lot of services to waste his time. According to recent researches in high interaction honeypot technology, by employing virtual machines, multiple honeypots can be hosted on a single physical machine. Therefore, even if the honeypot is compromised, it can be restored more quickly. In general, high interaction honeypots provide more security by being difficult to detect, but they are highly expensive to maintain. If virtual machines are not available, one honeypot must be maintained for each physical computer, which can be exorbitantly expensive. Example: Honeynet.
Low-interaction honeypots simulate only the services frequently requested by attackers. Since they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system, the virtual systems have a short response time, and less code is required, reducing the complexity of the security of the virtual systems. Example: Honeyd.
Read more about this topic: Honeypot (computing)
Famous quotes containing the word types:
“Our children evaluate themselves based on the opinions we have of them. When we use harsh words, biting comments, and a sarcastic tone of voice, we plant the seeds of self-doubt in their developing minds.... Children who receive a steady diet of these types of messages end up feeling powerless, inadequate, and unimportant. They start to believe that they are bad, and that they can never do enough.”
—Stephanie Martson (20th century)
“As for types like my own, obscurely motivated by the conviction that our existence was worthless if we didn’t make a turning point of it, we were assigned to the humanities, to poetry, philosophy, painting—the nursery games of humankind, which had to be left behind when the age of science began. The humanities would be called upon to choose a wallpaper for the crypt, as the end drew near.”
—Saul Bellow (b. 1915)
“Science is intimately integrated with the whole social structure and cultural tradition. They mutually support one other—only in certain types of society can science flourish, and conversely without a continuous and healthy development and application of science such a society cannot function properly.”
—Talcott Parsons (1902–1979)