In order to effectively fight hackers, it is necessary to understand how they operate. For this, authorities and companies use a technique called honeypot ou honey pot in French.
Honeypot or Honey Pot, what is it?
The principle of a honeypot is simple. It consists of intentionally leaving vulnerabilities on a system to attract and trap hackers, in order to collect information about them and catch them.
A bit like honey which attracts bears, these fake servers are supposed to attract hackers which will allow the administrator to observe the means of compromise of the attackers. The goal is to locate cybercriminals and catch them.
There are many ways to create your honeypot, some of which involve mounting machines (most often virtual) with a known security flaw in a controlled network environment. It can be a kernel flaw, a network application (Apache, PHP, Tomcat, etc.) or a web application (SQL injection, XSS).
However, it is essential that the configuration conforms to the intended objectives and that in no case the honeypot architecture can become a flaw for the company system.
Among the most famous honypot, we retain:
Honeyd
It is an open source application that gives the possibility of emulating an entire computer network, made up of different virtual operating systems that are capable of providing fictitious services. The principle of the Honeyd program is simple: when an intruder tries to connect to the IP address of the emulated system, Honeyd impersonates this system and begins communication with the intruder computer.
Honeyd installation and use tutorial
kippo
Kippo is an SSH Honey Pot that installs under Linux. It replaces the real SSH service but in a vulnerable way so that hackers can access it without too much difficulty. With kippo, it is possible to view - live or delayed - the sessions of the pirates, that is to say the commands typed and their feedback.
wordpot
Wordpot is a honeypot that emulates vulnerable plugins on WordPress. If you have a website developed with the WordPress CMS, now is the time to learn a bit about intrusion detection techniques with Wordpot which allows you to both defend yourself and refine attackers.
Glastopf
Glastopf is a low interaction honeypot that emulates a vulnerable web server containing many web pages with multiple vulnerabilities ( include flaw, SQL injection, etc).