Most of us have a laptop and use it for many things. We browse the Internet to surf, chat, shop, pay bills and so on. Often our systems suffer virus attacks, and we become victims of fraudulent online cash transactions. To prevent this we use anti-virus software such as Norton or AVG. But have you ever wondered how anti-virus software works? How is it able to detect the bad guys who are busy 24×7 online trying to break into people's privacy, and protect us from them? Why do we have to keep our anti-virus software updated? We get daily updates for our anti-virus software, but there is a huge team and enormous effort behind each and every update you get. This is a story about one of the widely used tools to catch, analyze and generate signatures for malware (commonly known as computer viruses): honeypots.
What is a Honeypot?
A honeypot is an information system resource (commonly a computer system or a set of systems, servers, etc.) whose value lies in unauthorized or illicit use of that resource. In simple terms, it is a system which is meant to be accessed and exploited by hackers without getting caught; that is, it is a scapegoat used to catch the latest trends and the ways they attack. It is a system that is meant to be attacked and has no production value of its own, which means the system makes no connections of its own but waits for attackers to access and exploit it. Its sole use is to get attacked and to expose the bad guys and their ways of poisoning the Internet and its components. Honeypots do so by generating log entries for the connections made to them and by sending alerts to their master systems. That is why it is called a honeypot: a very attractive place for all the bad guys. It is a valuable source of information; the information gathered is used to generate signatures for the latest attacks and to prevent further attacks of the same kind.
Honeypots come in all shapes and sizes: there are high-interaction as well as low-interaction honeypots. High-interaction honeypots are usually deployed as operating systems and are used for real-time attack detection; for instance, we give hackers a set of servers to hack into and then analyse the attacks. Low-interaction honeypots, on the other hand, involve installing software and selecting the operating systems and services we want to emulate and monitor.
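To make the low-interaction idea concrete, here is an added example (not code from the original article) of a tiny listener that emulates one service banner, logs every connection and flags it as an alert. The banner text, host name, port 2525 and all function names are assumptions chosen for illustration.

```python
import json
import socket
import threading
import time

# Constructed banner for an emulated SMTP service (hypothetical host name).
BANNER = b"220 mail.example.test ESMTP ready\r\n"

def record_connection(conn, addr, log, timeout=2.0):
    """Emulate the service banner, capture the client's first bytes, log them."""
    entry = {"ts": time.time(), "src_ip": addr[0], "src_port": addr[1], "data": ""}
    conn.settimeout(timeout)
    try:
        conn.sendall(BANNER)
        entry["data"] = conn.recv(1024).decode("latin-1")
    except OSError:
        pass  # a silent or reset connection is still worth logging
    finally:
        conn.close()
    # The honeypot has no production use, so every connection raises an alert.
    entry["alert"] = True
    log.append(entry)
    return entry

def serve(sock, log, max_conns):
    """Accept max_conns connections, then stop listening."""
    for _ in range(max_conns):
        conn, addr = sock.accept()
        record_connection(conn, addr, log)
    sock.close()

def start_honeypot(host="127.0.0.1", port=0, max_conns=1):
    """Start the listener in a thread; return (bound port, log list, thread)."""
    log = []
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(5)
    bound_port = sock.getsockname()[1]
    thread = threading.Thread(target=serve, args=(sock, log, max_conns), daemon=True)
    thread.start()
    return bound_port, log, thread

if __name__ == "__main__":
    port, log, thread = start_honeypot(port=2525, max_conns=3)
    print("emulated SMTP listening on 127.0.0.1:%d" % port)
    thread.join()
    for entry in log:
        print(json.dumps(entry))  # one JSON line per connection, for the master system
```

Each log entry records the source address and the first bytes the client sent, which is the raw material an analyst would later turn into a signature.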
The risk involved is also proportional: HIHPs (High Interaction Honeypots) are less likely to be detected, while the risk of detection of an LIHP (Low Interaction Honeypot) is always higher.