The amount of risk depends on the type and configuration of the honeypot. The main
risk imposed by a honeypot is the risk a compromised honeypot poses to the rest of your
organization. There is nothing worst than an attacker gaining access to your honeypot
and then using that honeypot as a leaping-off point to further attack your network.
Another form of risk imposed by honeypots is the downstream liability if an attacker
uses the honeypot in your organization to attack other organizations. To assist in managing
risk, there are two types of honeypots: low interaction and high interaction.
Low-Interaction Honeypots
Low-interaction honeypots emulate services and systems in order to fake out the
attacker but do not offer full access to the underlying system. These types of honeypots
are often used in production environments where the risk of attacking other production
systems is high. These types of honeypots can supplement intrusion detection technologies,
as they offer a very low false-positive rate because everything that comes to them
was unsolicited and thereby suspicious.
honeyd
honeyd is a set of scripts developed by Niels Provos and has established itself as the de
facto standard for low-interaction honeypots.
Pages:
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879