What is Honeypot?
Honeypot is mechanism for detects cyber-criminal. It set up as a decoy to lure cyberattackers and to detect, deflect or study hacking attempts in order to gain unauthorized access to information systems.
How honeypots work in the enterprise?
Detect the attacker before breach : HoneyPot detects unusual traffic in the network. Data that enters and leaves a honeypot allows security staff to gather information that is not available from an intrusion detection system (IDS).
Set-up Honeypot farms : Honeypot will be next future for IT industries. IIoT is taking a place of industries and other IT industries are growing day by day. Honeypot will help to track and figure-out traffic analysis for an organization.
Easy set-up for Honeypot : In the near future, honeypots will be able to “learn” about networks and configure themselves, making them a lot easier to deploy in large numbers.
Basic four steps How it works?
Step : 1
It should be installed in machine or server or network. Honeyd detects unused IP space from the network.
Step : 2
When attacker comes and start attacking then honeyd takes one IP address from unused IP using ARP spoofing technique and creates Honeypot.
Step : 3
Honeyd will create virtual network to interact with an attacker. An attacker gain the success for that created virtual network and he thinks that He hacked the system.
Step : 4
In last, Honeyd automatically updates its list of unused IP addresses as systems and added or removed from the network.