One way to be warned when someone is trying to access your server is to set up a fake system, a honeypot: a trap that detects when an attacker is trying to gain access without the administrator's permission. It is a great way to protect a system because it turns the tables on the hackers: it keeps them out of the real system and helps the admin know when he is being attacked, learn from it and improve security.
In general there are two main types of honeypots:
- Production Honeypot: Used by companies and corporations for the purpose of researching the motives of hackers as well as diverting and mitigating the risk of attacks on the overall network.
- Research Honeypot: Used by nonprofit organizations and educational institutions for the sole purpose of researching the motives and tactics of the hacker community for targeting different networks.
When configuring your honeypot, send the logs from every device in the honeypot to a centralized logging server, and make sure the security staff is notified whenever someone is carrying out an attack. That way the staff will be ready to monitor and keep track of what the hacker is doing, and to make sure the real environment is not compromised.
It is also important that your honeypot system is attractive to a potential attacker. This can be done by leaving it less secure, which encourages the attacker to go for the honeypot:
- It should have ports that respond to port scans, user accounts and various system files.
- Passwords to fake accounts should be weak.
- Certain vulnerable ports should be left open.
Advantages of a honeypot:
- Collects real attack data.
- Reduces false positives.
- Does not require high-performance resources.
- Hacker activity is captured, even if it is encrypted.
- Simple to understand, deploy and maintain.
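
The two configuration points above (a port that responds, and every contact reported to a central log) can be seen together in a small decoy listener. This is an added example, not code from the original page; the banner text, the sensor name `honeypot-01`, the function names and the in-memory `sink` that stands in for the central logging server are all assumptions made for illustration.

```python
import json
import socket
import threading
from datetime import datetime, timezone

DECOY_BANNER = b"220 ftp.internal.example ready\r\n"  # constructed decoy banner

def serve_once(listener, sink, sensor="honeypot-01"):
    """Accept one connection on the decoy port and report it to `sink`."""
    conn, peer = listener.accept()
    with conn:
        conn.settimeout(2.0)
        conn.sendall(DECOY_BANNER)          # respond so the port looks alive
        try:
            data = conn.recv(256)           # capture the first bytes sent
        except socket.timeout:
            data = b""
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "sensor": sensor,
        "src_ip": peer[0],
        "src_port": peer[1],
        "dst_port": listener.getsockname()[1],
        "payload": data.decode("latin-1"),
        # Nothing legitimate talks to a decoy, so every hit is alert-worthy.
        "severity": "alert",
    }
    sink(json.dumps(event))                 # one JSON line per connection
    return event

def demo():
    """Run the decoy on loopback and hit it with a constructed client."""
    received = []                           # stands in for the central log server
    listener = socket.create_server(("127.0.0.1", 0))
    worker = threading.Thread(target=serve_once, args=(listener, received.append))
    worker.start()
    with socket.create_connection(listener.getsockname()) as client:
        client.recv(64)                     # read the decoy banner
        client.sendall(b"USER admin\r\n")   # constructed sample input
    worker.join()
    listener.close()
    return [json.loads(line) for line in received]

if __name__ == "__main__":
    print(demo())
```

In a deployment, `sink` could be the `info` method of a logger with a `logging.handlers.SysLogHandler` attached, pointed at the centralized logging server, so each JSON line reaches the security staff as an alert.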