In computer terminology, a honeypot is a computer security mechanism set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems.
It consists of data that appears to be a legitimate part of the site and contains information or resources of value to attackers.
It is a computer system intended to mimic likely targets of cyberattacks.
It can be used to detect attacks and deflect them.
It works by being an intentionally vulnerable hole in security. A honeypot can be an effective tool for securing your network by diverting hackers’ attention away from your sensitive data.
Honeypots are deployed using docker which is an open-source platform which is running, developing and distributing operations.
They are deployed into individual containers to maintain isolation and avoid the errors escalating.
There are many advantages of honeypots :
You will be able to see who is attacking you and what method is being used.
They can be used to determine how systems are attacked and are also a very useful part of the system defenses.
Also, an attack on a honeypot is likely to frustrate a hacker and stop them from hacking your real computer systems.
There is a disadvantage of honeypots too. Since no system is perfect and there are notable disadvantages of honeypots.
If an attack involves other systems and the honeypot is untouched.
Honeypots have a narrow field of view: they only see what activity is directed against them. If an attacker breaks into your network and attacks a variety of systems, your honeypot will be blissfully unaware of the activity unless it is attacked directly.
Once the honeypot is accessed it could be used as a launchpad for further attacks. Those attacks could be conducted on an internal system or another company. Honeypots, therefore, introduce risk. There is therefore an issue of legal liability.
There are free options available that will make it more cost-effective to set up a honeypot, although they still require resources.
The hardware comes at a cost and they require maintenance and monitoring. The cost may be prohibitively expensive for some businesses.
Types of honeypots :
(I) High interaction honeypot:- These honeypots imitate real-world systems and applications with actual services, functions, and operating systems involving high levels of interactivity.
It gives extensive details about how an attack progresses and how payloads execute in a network.
(II) Medium interaction honeypot:- They fall in between high and low levels of honeypots. They imitate the application layer but don’t have their operating system.
They come with expanded capabilities than low interaction honeypot and reduced capabilities than high interaction honeypot.
(III) Low interaction honeypot:- They allow partial interaction with the system as they run limited emulated services with restricted functionality.
They are commonly used in production environments.
Case studies :
The cyber attacks/threats among us are constantly growing.
These attacks are carried out by the criminals sometimes for financial gains or some have strategic values.
The main targets for these types of threats are universities as they possess valuable research and they have promoted openness of culture.
The risks are increasing from both cybercriminals driven by profits and nation-states driven by strategic interests.
Universities face several challenges regarding cybersecurity.
(I) In the USA alone, it is estimated by the official sources that cyber threats or cyber activity cost the US economy between $57 billion and $109 billion in 2016.
Universities are facing these cyber threats issues because of their valuable research data.
More than half of the higher education institutions reported that they had experienced at least once a security breach.
These resulted in a loss of money for the universities.
(II) The challenge has also been identified in The Danish Defence Intelligence Service Center for Cyber Security (CFCS) that foreign states are conducting acts of espionage against Danish research.
There is an ongoing discussion within the research and education sector that how can these issues be resolved without affecting the openness of the culture in the university.
(III) Universities have a large amount of data that is in many forms such as personal data from employers and students, intellectual property, or research data from third parties.
(IV) Keeping all this in mind, large interaction honeypots are the best choice for the universities. They have the lowest necessary time of deployment and maintenance.
Also, they present a low risk of being compromised because they are not having an actual interaction system. The Large interaction honeypots can provide an overview of the attacked protocols.
These types of honeypots do not require a large amount of time to be spent daily on monitoring. The data generated by them can be structured for automatic processing. Some medium interaction honeypots can also be deployed.