Honeypots are computer systems or network components designed to attract attackers. They can be used to study attack methods, to distract attackers from other systems, or to set a trap for hackers.
The term honeypot refers to a computer system that is intended to attract attacks. The goal of the honeypot is to mislead the attacker, to distract him from the actual target, to log and analyze his attack methods, or to identify the attacker. The apparent target can be a piece of software, a PC, a server or a network component. It presents itself as an interesting target for attack and may have security holes.
How A Honeypot Works
A honeypot should behave like a real computer or a real network. The systems are isolated internally and specially monitored. By installing special software on the systems, it is possible to identify attacks, record activities and trace the origin of the attacks. The purpose of this software is to identify a hacker or to gain experience with the different attack methods. Real services and applications or fake data can be placed on the system so that a honeypot appears as real as possible to the attacker. However, since these applications are not used by normal users, it can be assumed that every contact with the services or every use of the applications is likely to be illegitimate. A virtual honeypot is implemented on a single server that behaves like a complete network to the outside world. This means that only a single system, rather than several, is needed to simulate a vulnerable network.
Honeypots with a low degree of interactivity are essentially based on the imitation of real systems or applications. Services and functions are usually only simulated to the extent that an attack is possible.
Honeypots with a high degree of interactivity are generally real systems that offer server services and therefore have to be monitored and secured well. If a high-interaction honeypot is not adequately shielded from the production systems, there is a risk that an attacker could take it over, infiltrate the system to be protected or initiate attacks on other servers in the network.