2010

Traditional detection solutions can overwhelm organisations with alerts, yet only a small number of those alerts signal a valid attack. Also, many of today's technologies are not designed to detect unknown attacks. Honeypots help resolve both of these problems. Honeypots generate very few alerts, but when they do you can almost be sure that something malicious has happened. Honeypots can also detect and capture unknown attacks as well as known attacks. Finally, honeypots can be used to respond to an attack. If an attacker breaks into your organisation, and one of the systems they broke into was a honeypot, then information gathered from that system could be used to respond to the break-in. Information is the key to a successful response and honeypots certainly provide an abundance of information. Honeypots can also be used to smoke out and identify an attacker whether they are a trusted internal employee or an external hacker.

 

Physical vs Virtual Honeypots

Honeypots are unique; they don’t solve a specific problem. Instead, they are a highly flexible tool with many different applications to security. It all depends on what you want to achieve. Some honeypots can be used to help prevent attacks, others can be used to detect attacks, while other honeypots can be used for information gathering and research.

Network Port Knocking System

Port knocking is a method of establishing a connection to a networked computer that has no open ports.

Before a connection is established, ports are opened using a port knock sequence, which is a series of connection attempts to closed ports.

A remote host generates and sends an authentic knock sequence in order to manipulate the server's firewall rules to open one or more specific ports.
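The server-side logic described above, as an added example that is not code from the original page: a small state machine that reads dropped-packet records, tracks each source's progress through the knock sequence, and reports when the firewall would be opened for that source. The port numbers, time window, log format and sample lines are all constructed assumptions.

```python
import re

# Assumed values for illustration; a real deployment chooses its own.
KNOCK_SEQUENCE = (7000, 8000, 9000)   # closed ports, in the order they must be hit
PROTECTED_PORT = 22                   # port opened for a source that knocks correctly
WINDOW_SECONDS = 10                   # whole sequence must finish within this window

# Constructed log format: "<epoch-seconds> DROP SRC=<ip> DPT=<port>"
LOG_RE = re.compile(r"^(\d+) DROP SRC=(\S+) DPT=(\d+)$")

def process_log(lines):
    """Return (timestamp, source, port) for every firewall opening the daemon would make."""
    progress = {}   # source -> (number of correct knocks so far, time of first knock)
    opened = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                      # ignore lines that are not dropped-packet records
        ts, src, port = int(m.group(1)), m.group(2), int(m.group(3))
        idx, start = progress.get(src, (0, ts))
        if idx and ts - start > WINDOW_SECONDS:
            idx = 0                       # too slow: partial progress is discarded
        if port == KNOCK_SEQUENCE[idx]:
            start = ts if idx == 0 else start
            idx += 1
        elif port == KNOCK_SEQUENCE[0]:
            idx, start = 1, ts            # a wrong knock that is a first knock restarts
        else:
            idx = 0                       # any other closed port resets the sequence
        if idx == len(KNOCK_SEQUENCE):
            opened.append((ts, src, PROTECTED_PORT))   # rule is scoped to this source only
            idx = 0
        progress[src] = (idx, start)
    return opened

SAMPLE_LOG = [  # constructed sample data (documentation address ranges)
    "1000 DROP SRC=192.0.2.10 DPT=7000",
    "1001 DROP SRC=198.51.100.7 DPT=7000",   # sequential sweep, not a knock
    "1002 DROP SRC=192.0.2.10 DPT=8000",
    "1002 DROP SRC=198.51.100.7 DPT=7001",
    "1004 DROP SRC=192.0.2.10 DPT=9000",     # sequence complete inside the window
    "2000 DROP SRC=203.0.113.5 DPT=7000",
    "2004 DROP SRC=203.0.113.5 DPT=8000",
    "2020 DROP SRC=203.0.113.5 DPT=9000",    # right ports, but outside the window
]

if __name__ == "__main__":
    for ts, src, port in process_log(SAMPLE_LOG):
        print(f"{ts}: allow {src} -> tcp/{port}")
```

Only the source that sends the full sequence in order and within the window gets a rule; the sweep and the slow sequence leave the firewall closed.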