CSEC’s Tpot is a honeypot system, developed as an open source by T-Com. Honeypot imitates a target for hackers and uses intrusion attempts to learn about how they operate or to divert them from real targets.
We are receiving and providing data from the installed Tpots around the world. Through OpenCanary, with a frontend developed by Jurica Banić, our infrastructure expert - we are setting up a network of honeypots in Bosnia and Herzegovina.
CSEC is proud to actively pursue the set up of honeynet, assisting to recognize the activities of new threats. Therefore, the right cyber security initiatives can be selected with the help of the gathered information.
With the honeynet being set up in several places in Bosnia and Herzegovina, users can acquire data on current hazards and accordingly develop needed cyber security measures.
Now, a bit more about the honeypot system itself…
What is a honeypot?
A honeypot operation mimics the functionality of a genuine system that would be appealing to attackers, such as a banking system, IoT devices, a public utility, or transportation network. Despite being isolated and under close observation, it looks to be a component of a network. A honeypot has no purpose to be accessed by authorized users, hence any attempts to communicate with it are regarded as hostile.
The honeypot fools hackers into thinking it's a legitimate target by having the appearance of a real computer system, complete with apps and data. A honeypot could, for instance, imitate a business's customer billing system, which is frequently targeted by thieves looking for credit card details. Once the hackers are inside, it is possible to trace them and analyze their activity to find out how to safeguard the real network.
Attackers are drawn to honeypots because they are purposefully designed with security flaws. For instance, a honeypot may have weak passwords or ports that respond to port scans. To lure attackers into the honeypot environment rather than the more secure live network, vulnerable ports may be left open.
Monitoring the traffic coming into the honeypot system, makes it possible to assess:
Location the cybercriminals are coming from
Level of threat
Modus operandi they use
Data or applications of their interest
Level of your security measures to stop cyberattacks
Another honeypot definition takes a gander at whether a honeypot is high-collaboration or low-connection. Honeypots with low interactions consume fewer resources and. They can be set up quickly and easily, typically requiring only some basic network services.
High-interaction honeypots vs. Low-interaction honeypots
High-interaction honeypots entice hackers to spend more time inside the honeypot, providing information about their targets, vulnerabilities they are exploiting, and methods. However, high-interaction honeypots require a lot of resources, as setting them up and keeping an eye on them takes more effort and time.
A low-interaction honeypot captures connection attempts and readily alerts the admins that an intrusion has been attempted. It gathers fundamental information about the nature, extent, and origin of threats but it is also easier to set up to maintain.
Various kinds of honeypot can be utilized to recognize various sorts of dangers. The kind of threat that is being addressed determines the definitions of various honeypots. A comprehensive and efficient cybersecurity strategy includes them all.
Email traps or spam traps place a trap email address where just a computerized address collector will actually want to track down it. The senders' source IP can be added to a deny list, and all messages with the same content as those sent to the spam trap can be automatically blocked.
A decoy database can be positioned to screen programming weaknesses and spot assaults taking advantage of unreliable framework design
A malware honeypot invites malware attacks by imitating software applications and APIs
By creating web pages and links that are only accessible to crawlers, a spider honeypot is designed to entice crawlers, or "spiders"
Benefits and risks of honeypot
Benefits of implementing honeypot:
Real data from attacks
Reduces the number of false positives
Do not require high-performance resources
Has large volumes of network traffic looking for hazards
Encryption circumvention as honeypots capture encrypted malicious activity
Disadvantages might be as follows:
Limited data because honeypots collect information only when an attack occurs
Isolated network because malicious traffic is captured only when an attack targets the honeypot network
Experienced hackers can differentiate a production system from a honeypot system
Production systems are at risk because they do eventually connect to enable administrators to collect the information they contain
On a network, two or more honeypots make up a honeynet. Organizations can track how an attacker interacts with a single resource or network point, as well as how an intruder moves between points on the network and interacts with multiple points at once, with an interconnected network of honeypots.
The objective is to get programmers to accept that they have effectively penetrated the organization, so having more phony organization objections makes the arrangement seriously persuasive.
So, honeypots can assist organizations in keeping up with the constantly changing threat landscape as cyber threats continue to evolve. Although it is impossible to predict and stop every attack, honeypots can help an organization be ready and are possibly the best way to catch an attacker in the act by providing useful information. They are also a good source of information for cybersecurity experts.
By utilizing digital honeypots to make a danger insight structure, a business can guarantee that it's focusing on its network protection spend at the perfect locations and can see where it has security flimsy spots.