![]() ![]() ![]() At the other extreme would be highly-involved honeypots. Here the information generated by the honeypot is limited (mainly who connected to which ports and when) however, there is little that the attacker can exploit. Attackers can merely scan and potentially connect to several ports. By the same token, the more an attacker can do to the honeypot, the more potential damage that attacker can inflict on the host system.įor example, a low involvement honeypot would be one that is easy to install that simply emulates a few services. The more a honeypot can do and the more an attacker can do to a honeypot, the more value can be derived from it. At the same time, the more involved a honeypot is, the more risk it is likely to have. Simply put, the more involved a honeypot is, the more value it can have. Because of this, I have identified what I call 'level of involvement'. The more I work with honeypots, the more I realize that no two honeypots are alike. Now that we have been discussing the different types of honeypots and their value, let's discuss some examples. We will also briefly discuss some important legal isues associated with honeypots and their use. This installment will take a look at some examples of different types of honeypots. ![]() The first article offered a brief overview of honeypots, as well as the discussion of some their inherent strengths and weaknesses. This is the second article in a two-part series that will offer an overview of honeypots: what they are, how they can add value to an organization, and several honeypot solutions. By Lance Spitzner The Value of Honeypots, Part Two: Honeypot Solutions and Legal Issuesīy Lance Spitzner with extensive help from Marty Roesch ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |