Introduction: What is a Honeypot?
Honeypots are special programs that are written for one purpose: to be exploited. Honeypots emulate the appearance of a vulnerability so that attackers, viruses and worms are attracted to this system, which appears to be poorly secured.
The honeypots collect as much information as they can about the attacks coming from various sources, which lets us analyze and study them later. This makes them a great tool for revealing zero-day worms that haven’t been discovered yet.
Honeypots are classified according to two different criteria.
The first criterion is how the honeypots are deployed. There are two groups of honeypots:
Production honeypots: Primarily used in the company’s internal network to improve the security of the whole network. They are easy to use, but provide less information about the attacks.
Research honeypots: These honeypots are very complex but provide very detailed information about the attacks. They are used by research, military or government organizations.
The second criterion classifies honeypots by their design and introduces three groups:
Pure honeypots: Full production systems, so no other software needs to be installed.
High-interaction honeypots: Use