It would appear that more and more companies and home users are becoming victim to bad actors intruding on their network. Weather it be a targeted attack or drive by malware, network security is a hot topic in today’s IT landscape. In this article I will describe how you can build a low cost Honey Pot that can help alert you to an intrusion before its too late.
What is a Honey Pot?
In simple terms a Honey Pot is a device on your network that looks appetizing to a hacker. Like drawing a bear to a pot of honey. This device will advertise services that appear vulnerable and maybe draw an attacker in for further investigation. At a minimum it can simply be used as an internal “trip wire” to alert you someone poking around.
Why does a honey pot work?
I’m Joe hacker and I have just installed malware on one of your employees workstations. I have quickly gained access and I am now able to execute code and commands. What is the first thing I’m going to do? If you said start poking around you would be correct. After I look for anything of value on my host computer I will quickly begin scanning the subnet looking for hosts that are alive. I will also begin mapping the network for services that are possibly vulnerable to attack. This is where the Honey Pot fits in. It has been patiently siting on your network waiting for someone to direct a packet of data in its direction and alert you to possible trouble.