Introduction
With the advent and evolution of information technology (IT), there is an increase in the rate of cybercrimes, which have forced organizations to identify and implement effective network security strategies. The present reactive measures are sometimes insufficient in protecting information infrastructures in organizations. Therefore, there is a need to keep track of the new threats presented by potential hackers. One common technique of learning about hackers is through the use of honeypots. This paper aims to discuss the various types of honeypots and their efficiency in securing organizational network systems.
Uses of Honeypots
Honeypots are among the oldest IT security procedures (Verma, 2019). They are known as intrusion detection systems whose values depend on the unauthorized or illicit use of such resources. A honeypot allows a hacker into a “mimicked” system with the purpose of acting as an early detection system, slowing down automated attacks, and designing better security systems. It achieves this through gathering intelligence on emerging threats. There are several types of honeypots that organizations can employ, each depending on their functions. However, the two main types of honeypots include research and production honeypots (Sokol, Míšek, & Husák, 2017).
Research honeypots function to add value to research in cybersecurity by providing a platform to study the threat. This data could then be utilized for a variety of purposes consisting of identifying black hats, trend analysis, identifying new cybersecurity tools, and early warning and prediction. The amount of information on threats gathered by research honeypots is relatively more than that collected by other technologies (Sokol et al., 2017).
They are usually used in military organizations, governmental organizations, and education entities. Such honeypots are more challenging to deploy, maintain and have a complex architecture. An example of a research honeypot is “The Worm Propagation Model and Control Strategy Based on Distributed Honeynet.” On the other hand, production honeypots are used in organizations to prevent, detect, and respond to risks. As compared to the former, they are easy to deploy; nevertheless, they only capture limited information. They are usually placed in the production network with other production servers to enhance security. Commercial companies and corporations mainly use them. Furthermore, based on the level of interaction, high-interaction honeypots are employed in collecting information, while low-interaction honeypots are utilized for production purposes.
Effectiveness of Honeypots
Honeypots can be useful only if they are capable of deceiving black hats into thinking that they are typical computer systems. Hence they are of limited value if the hacker does not interact with such interfaces (Kambow & Passi, 2014).
They have several advantages which comprise reduced false positives thus making it efficient in detecting attacks; since all information present is malicious, they can be fragmented into smaller data sets; they require minimal resources; they collect malicious data that only a few technologies can collect, and they are flexible and easy to use. Regardless of their several advantages, honeypots are not a comprehensive security solution. This is because they are insignificant if the attackers do not use them. Moreover, they pose high-security risks to organizational networks. Low-interaction honeypots present low risks, while high-interaction honeypots present high risks (Kambow & Passi, 2014).
Overall, the use of a honeypot security system is very traditional. Although it is unconventional with a few legal issues intertwined, honeypots are an unavoidable necessity. This is because it is the only technology with the capability of luring attackers, collecting information, and monitoring their activities to aid in the creation of new defense systems that will deter future threats.
References
Kambow, N., & Passi, L. (2014). Honeypots: The need of network security. International Journal of Computer Science and Information Technologies, 5(5), 6098-6101.
Sokol, P., Míšek, J., & Husák, M. (2017). Honeypots and honeynets: Issues of privacy. EURASIP Journal on Information Security, 4, 1-9. Web.
Verma, N. (2019). Honeypot: A ploy to lure and catch cyber attackers.