Beware of Honeypots
By Idd Salim
Shamelessly copy-pasted from Wikipedia, “a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers.”
You think you are getting in, but you are being lured and watched…
Evil use of a honeypot?
Evil Boss 1 and Evil IT Guy 1 manipulate the banking system, steal some money and siphon it to an off-shore account. Good Boss 2 realizes this and tells Good IT Guy 2 to investigate using the server logs plus all the techniques s/he can apply. Evil Boss 1 starts getting worried, but Evil IT Guy 1 knows what to do: set up a weak and unsecured replica of the server setup and make it easy to hack. At this point a Wannabe Hacker 1 somewhere comes in smelling a cooked meal and, true to the word, gets through. Wannabe Hacker 1 is caught and Evil IT Guy 1 presents the hacking incident to the authorities. Evil Boss 1 and Evil IT Guy 1 escape the charges while Wannabe Hacker 1 rots in Kamiti.
In the above, a honeypot has been set up to masquerade as a real live system; an unseasoned hacker has been caught and victimized, and the real culprits go free.
Classic Business use of a honeypot?
The real use of a honeypot is to collect information. Make a machine ‘hackable-ish’ to see what attacks REAL hackers would use on your REAL internal systems. Like a decoy. An IT admin can then classify the high-risk attacks used, e.g. SQL injection, DoS, DDoS, DRDoS, or even stuff as trivial as portscans and ping floods.
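As an added illustration of that last step (example code, not part of the original post), the following Python reads constructed decoy-server log lines and classifies each source into the attack classes named above; the log format, the IP addresses and the thresholds are all assumptions made for the sample.

```python
import re
from collections import defaultdict
from urllib.parse import unquote
# Thresholds are an assumption tuned to the constructed sample below, not an industry standard.
SCAN_PORTS, SCAN_WINDOW = 5, 60    # distinct TCP ports from one source within 60 s
FLOOD_PINGS, FLOOD_WINDOW = 20, 10  # ICMP echo requests from one source within 10 s
SQLI_RE = re.compile(r"""['"]\s*(?:or|and)\b|\bunion\b.*\bselect\b""", re.I)
# Constructed decoy-server log: "<epoch> <src_ip> <proto> <dst_port> <payload>" ('-' = bare connect)
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} 203.0.113.5 tcp {p} -" for i, p in enumerate([22, 23, 80, 443, 3306, 8080])]
    + ["1010 198.51.100.7 tcp 80 GET /login?user=admin'%20OR%20'1'='1",
       "1011 198.51.100.7 tcp 80 GET /search?q=1%20UNION%20SELECT%20pw%20FROM%20users"]
    + [f"{1020 + i // 4} 192.0.2.9 icmp 0 echo" for i in range(40)]  # 4 pings per second
    + ["1040 192.0.2.20 tcp 80 GET /index.html"])                    # ordinary visitor

def parse(log_text):
    """Split log lines into event dicts; the payload is URL-decoded before inspection."""
    events = []
    for line in log_text.splitlines():
        ts, src, proto, port, payload = line.split(" ", 4)
        events.append({"ts": int(ts), "src": src, "proto": proto,
                       "port": int(port), "payload": unquote(payload)})
    return sorted(events, key=lambda e: e["ts"])

def burst(items, window, threshold):
    """items: time-sorted (ts, key) pairs. True if some `window`-second span holds
    at least `threshold` distinct keys (sliding two-pointer scan)."""
    lo = 0
    for hi in range(len(items)):
        while items[hi][0] - items[lo][0] > window:
            lo += 1
        if len({k for _, k in items[lo:hi + 1]}) >= threshold:
            return True
    return False

def classify(log_text):
    """Return {src_ip: set(labels)} for each source whose traffic matches an attack class."""
    per_src = defaultdict(lambda: {"ports": [], "pings": [], "sqli": False})
    for e in parse(log_text):
        s = per_src[e["src"]]
        if e["proto"] == "tcp":
            s["ports"].append((e["ts"], e["port"]))
        elif e["proto"] == "icmp" and e["payload"] == "echo":
            s["pings"].append((e["ts"], len(s["pings"])))  # every ping is a distinct key
        s["sqli"] |= bool(SQLI_RE.search(e["payload"]))
    findings = {}
    for src, s in per_src.items():
        labels = {name for name, hit in (
            ("sql_injection", s["sqli"]),
            ("port_scan", burst(s["ports"], SCAN_WINDOW, SCAN_PORTS)),
            ("ping_flood", burst(s["pings"], FLOOD_WINDOW, FLOOD_PINGS))) if hit}
        if labels:
            findings[src] = labels
    return findings
```

The ordinary visitor at 192.0.2.20 produces no finding, which is the point of thresholds and windows: a decoy sees plenty of harmless traffic too.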
It is in the interest of many businesses or companies to understand how to detect honeypot activities, both the good ones and the ugly.