Honeypot, the technique used by the police to catch hackers


To fight hackers effectively, it is necessary to understand how they operate. For this, authorities and companies use a technique called a honeypot, or "pot de miel" in French.

Honeypot, or honey pot: what is it?

The principle of a honeypot is simple. It involves intentionally leaving vulnerabilities on a system to attract and trap hackers, in order to collect information about them and catch them.

A bit like honey that attracts bears, these fake servers are meant to attract hackers, which allows the administrator to observe the attackers' means of compromise. The goal is to locate cybercriminals and catch them.

There are multiple ways to create a honeypot. Some involve setting up machines (most often virtual) with a known security vulnerability in a controlled network environment. The vulnerability could be a kernel flaw, or a flaw in a network application (Apache, PHP, Tomcat, etc.) or a web application (SQL injection, XSS).

However, it is essential that the configuration complies with the intended objectives and that under no circumstances can the honeypot architecture become a vulnerability for the company's system.
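As an added illustration (not code from the original article or from any of the tools named on this page), here is a minimal low-interaction decoy listener in Python. It presents a constructed fake banner, records what each client sends and never acts on it, with bounded reads and a timeout so that the decoy itself stays inert; the banner text, port 2525 and the log file name are assumptions.

```python
import json, socketserver, threading, time

BANNER = b"220 mail.example.test ESMTP ready\r\n"  # constructed fake service banner
MAX_BYTES = 1024   # cap on data accepted from one client
TIMEOUT = 5.0      # seconds before an idle client is dropped

class DecoyHandler(socketserver.BaseRequestHandler):
    """Send a fake banner, record what the client sends, never act on it."""
    def handle(self):
        self.request.settimeout(TIMEOUT)
        data = b""
        try:
            self.request.sendall(BANNER)
            data = self.request.recv(MAX_BYTES)
        except OSError:  # timeout or reset: the contact is still logged
            pass
        self.server.record(self.client_address, data)

class Decoy(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr, log_path=None):
        super().__init__(addr, DecoyHandler)
        self.events, self.log_path = [], log_path
        self._lock = threading.Lock()

    def record(self, peer, data):
        # Payload is stored as hex so log viewers never interpret attacker bytes.
        event = {"ts": time.time(), "src_ip": peer[0], "src_port": peer[1],
                 "payload_hex": data.hex()}
        with self._lock:
            self.events.append(event)
            if self.log_path:
                with open(self.log_path, "a") as fh:
                    fh.write(json.dumps(event) + "\n")

def start_decoy(host="127.0.0.1", port=0, log_path=None):
    """Start the decoy in a background thread; port 0 picks a free port."""
    server = Decoy((host, port), log_path)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_decoy(port=2525, log_path="decoy.jsonl")
    print("decoy listening on", srv.server_address)
    threading.Event().wait()  # keep the main thread alive
```

Any connection to a port that offers no real service is suspect by definition, so each logged event is a candidate alert.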

Among the most famous honeypots are:

Honeyd

It is an open-source application that makes it possible to emulate an entire computer network, composed of different virtual operating systems that are capable of providing fictitious services. The principle of the Honeyd program is simple: when an intruder tries to connect to the IP address of the emulated system, Honeyd impersonates this system and begins communication with the intruder's computer.


Kippo

Kippo is an SSH honeypot that installs on Linux. It takes the place of the real SSH service, but in a deliberately vulnerable form, so that hackers can access it without much difficulty. With Kippo, it is possible to view the hackers' sessions, live or recorded, that is to say the commands typed and their output.


Wordpot

Wordpot is a honeypot that emulates vulnerable WordPress plugins. If you have a website built with the WordPress CMS, now is the time to learn a little about intrusion detection techniques with Wordpot, which lets you both defend yourself and get a clearer picture of attackers.


Glastopf

Glastopf is a low-interaction honeypot that emulates a vulnerable web server containing many web pages with multiple vulnerabilities (file inclusion flaws, SQL injection, etc.).
