Imagine you are in a hacker’s basement. We’ll call this hacker Alex. Alex is clicking away, focused on his screen, figuring out a way to penetrate your database. He finds an easy way into the server. It seems too easy… but Alex tries it anyway, and realizes he has stumbled into a trap. The trap Alex triggered is called a honeypot. This post explains what a honeypot is and why you should care about honeypots.
What is a honeypot? A honeypot is either a trap for hackers or a way to gather information about them. Honeypots are mechanisms embedded into a server. The kind that traps hackers is a sub-server designed to catch them: it baits them in by appearing to hold valuable data, when the data is actually fake. Honeypots are closely monitored to see whether someone has gained access. In a successful scenario, the hacker attacks the honeypot and gains access, but in doing so accidentally gives away his location and exposes himself. There are various types of honeypots, such as email traps, which are unused email addresses that can be used to find the IP address of a spammer, or database honeypots, which are essentially fake servers. Two or more honeypots can form a honeynet, which is multiple honeypots on one server.
Hackers and spammers are inevitable, so you need different methods to protect your servers, and honeypots can help. Since one of your major concerns is keeping your website or database running, one type of honeypot that offers protection is the spam trap. If someone sends an excessive number of packets (digital data), it can overload the server; this is known as Denial of Service, or DoS. If multiple computers send excessive data, it is known as Distributed Denial of Service, or DDoS. Email traps identify who is attempting to deny you access through your fake email address, so you can determine the source IP address and stop it. A spam trap is a fake sub-server that receives spam without taking down the main server, because the sub-server’s only function is to receive spam and it is not connected to the web application itself. Production and database honeypots are fake sub-servers that distract the hacker from the real server and attempt to waste some of the hacker’s time. These sub-servers have firewalls to keep the sub-server that allegedly holds the “valuable information” safe. The hacker takes the bait and penetrates the sub-server. The sub-server is monitored, and the hacker’s presence can be revealed, all while the real database is up and running, completely unaffected.
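The monitoring described above is the whole point of a decoy: nothing legitimate is ever configured to talk to it, so any connection is worth an alert, and the alert records the source that the attacker “gives away”. The following is an added example, not code from the original post: a minimal TCP decoy listener in Python that serves a constructed bait banner, records each connection as a structured alert, and counts hits per source IP so repeated probing stands out. The port number, the banner text and the alert field names are assumptions chosen for this example.

```python
"""Minimal TCP decoy (honeypot) listener.

Added example for illustration; not the original post's code. It listens on
a port that no real service uses, records every connection as an alert and
never acts on the data it receives. Port, banner and alert fields are
assumptions made for this example.
"""
import json
import socket
import threading
from collections import Counter
from datetime import datetime, timezone

DECOY_PORT = 2222                       # assumed: no real service lives here
BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"     # constructed bait banner, looks like a real service


def build_alert(peer, first_bytes, now=None):
    """Turn one decoy connection into a structured alert record.

    Every connection is suspicious by construction: there is no normal
    traffic to filter out, only a source to record and an analyst to notify.
    """
    ts = (now or datetime.now(timezone.utc)).isoformat()
    probe = first_bytes.decode("utf-8", errors="replace").strip()
    return {
        "timestamp": ts,
        "source_ip": peer[0],
        "source_port": peer[1],
        "decoy_port": DECOY_PORT,
        "bytes_received": len(first_bytes),
        "probe": probe[:64],            # truncated: this is attacker-controlled data
        "severity": "high",
    }


def summarize(alerts):
    """Count alerts per source IP so a source that keeps coming back stands out."""
    return dict(Counter(a["source_ip"] for a in alerts))


def handle_client(conn, peer, alerts, lock):
    """Send the bait banner, read a small buffer, record the alert, hang up.

    The decoy only records input; it never parses or executes anything.
    """
    try:
        conn.settimeout(2.0)
        conn.sendall(BANNER)
        try:
            data = conn.recv(256)
        except socket.timeout:
            data = b""
        alert = build_alert(peer, data)
        with lock:
            alerts.append(alert)
        print(json.dumps(alert))        # a real deployment would ship this to a SIEM
    finally:
        conn.close()


def serve(host="127.0.0.1", port=DECOY_PORT, stop=None, alerts=None):
    """Accept decoy connections until `stop` is set; returns the alert list."""
    alerts = alerts if alerts is not None else []
    lock = threading.Lock()
    stop = stop or threading.Event()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(5)
        srv.settimeout(0.5)             # wake up periodically to check the stop flag
        while not stop.is_set():
            try:
                conn, peer = srv.accept()
            except socket.timeout:
                continue
            threading.Thread(target=handle_client,
                             args=(conn, peer, alerts, lock), daemon=True).start()
    return alerts


if __name__ == "__main__":
    print(f"decoy listening on {DECOY_PORT}; press Ctrl-C to stop")
    try:
        serve()
    except KeyboardInterrupt:
        pass
```

Run it, connect once with any TCP client, and a JSON alert with the client’s address appears on stdout. The design choice that matters is that the decoy never interprets what it receives: the banner is bait, the input is logged and truncated, and the only output is an alert for the defender. A spam trap mailbox or a fake database follows the same pattern, just with a different bait surface.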
Even though honeypots are a great tool for protecting your server, they need to be implemented correctly; if not, the repercussions could be disastrous. Even more important: honeypots cannot stand alone! They can be a valuable component of your cybersecurity strategy when used in conjunction with several other tools and defense mechanisms.
Alex knows he has to pack up and hide. He shuts down the computer, hoping your company didn’t notice the penetration attempt. But in reality, you were expecting it the whole time.