Learn about 'Honeypot' and 'honeynet'
In countless measures to prevent hackers from breaking into the system
In the myriad of measures to prevent hackers from breaking into the system, the "honeypot" and "honeynet" are considered one of the pitfalls designed with the item. this destination.
I. HONEYPOT
1. What is Honeypot :
- Honeypot is an information resource system built with the aim of deceiving illegal users and intruders, attracting their attention, preventing them from contacting the real system.
- Information resource system means Honeypot can disguise any kind of resource server such as Mail Server, Domain Name Server, Web Server . Honeypot will directly interact with hackers and find ways to exploit information news about hackers such as attack, attack tools or how to proceed instead of being attacked.
2. Types of Honeypot :
There are two main types : Low interaction and high interaction
+ Low interaction: Simulate fake services, applications, and operating systems. Low risk level, easy to deploy and maintain but limited in service.
+ High interaction: Are real services, applications and operating systems. The level of information collected is high. But the risk is high and time consuming to operate and maintain.
VD model of honeypot types
- BackOfficer Friendly (BOF) : A type of Honeypot is easy to operate and configure and can operate on any version of Windows and Unix but only interacts with some simple services like FTP, Telnet, SMTP .
- Specter : It is also the type of Honeypot with low interaction but better interaction than BOF, emulation of over 14 ports, can be warned and managed remotely. However, like BOF, specter has limited number of services and is not flexible.
- Honeyd :
Honeyd listens on all TCP and UDP ports, simulation services designed with the purpose of preventing and recording attacks, interacting with attackers as a victim system.
+ Honeyd can simulate many different operating systems simultaneously.
+ Currently, Honeyd has many versions and can simulate about 473 operating systems.
+ Honeyd is a low-interaction Honeypot type with many advantages but Honeyd has the disadvantage of not being able to provide a real operating system to interact with hackers and there is no warning mechanism when detecting a compromised system. or in danger.
II. HONEYNET
1. What is Honeynet :
- Honeynet is a highly interactive form of honeypot. Unlike honeypots, Honeynet is a real system, exactly like a normal network. Honeynet provides real systems, applications and services.
- The most important thing when building a honeynet is the honeywall. Honeywall is the gateway between honeypots and external networks. It works on the second floor as Bridged. Data streams when entering and exiting honeypots must go through honeywall.
2. honeynet architecture model (GenII)
3. Honeynet functions
a. Control data :
- When malicious codes infiltrate the honeynet, operations will be controlled.
- The data flow when entering is not limited, but when going out, it will be limited.
b. Data acquisition :
When data enters, the honeynet will review and record all destructive activities and then analyze the motives of hackers.
c. Data analysis : The main purpose of honey net is to collect information. Once the information is available, users need to be able to analyze this information.
d. Data collection : Collect data from honeynets to a centralized source. Applies only to organizations with multiple honeynets. Most organizations have only one honeynet.
DuyLong
- Migratory birds learn
- Learn the process of conception in humans through images
- What is the best way to learn with your child?
- Do problems with practical examples help students learn math well?
- The more you know, the easier it is to learn
- Scientifically proven: This is a way for you to learn anything as fast as lightning
- Frogs have the ability to learn words in eggs
- How do birds learn to fly?
- Whales can ... learn a foreign language
- Amazing Slow Down 3.1.4 - Learn music by slow listening
What is the Snapdragon SiP chip? How to create a yellow circle around the mouse cursor on Windows Edit the Boot.ini file in Windows XP 3 ways to restart the remote computer via the Internet Vietnam computer market: Looking back a year How to restore deleted applications on Android How to increase the capacity of C drive on Windows 10, 8, 7 ... 8 security features of Windows operating system