What is a Honeypot?

Caleb Townsend
Staff Writer, United States Cybersecurity Magazine

In 1986, systems administrator Clifford Stoll noticed nine seconds of unpaid computer time at the Lawrence Berkeley National Laboratory. Upon being asked to resolve this, Stoll eventually came to the conclusion that a hacker had illegally gained access to their network by exploiting a vulnerability. Stoll decided he would set up a trap for the hacker. He gathered 50 computer terminals from around his office, connected the terminals to the office phone lines, and waited. Eventually, the hacker dialed in and Stoll traced the call to a company named Tymnet. With the help of Tymnet, they traced and later identified him as KGB recruit Markus Hess. Stoll wrote about these events in the book The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage. This was the first recorded example of a honeypot.

What is a Honeypot?

The metaphor of a bear being attracted to a pot of honey is deeply rooted in early folklore, though it is most commonly recognizable as a plot element in Winnie the Pooh. Visualizing a honeypot as a sticky trap is a decent metaphor for a honeypot in cybersecurity terms. A honeypot is bait: a trap set specifically to lure hackers, either to catch them in the act or to track them. It is very easy to implement a honeypot. Additionally, honeypots can identify hackers efficiently.

There are three main types of honeypots, categorized by their purpose and usage.

Production Honeypot

Companies and corporations use production honeypots primarily to help make their security stronger. These honeypots are easy to use and work by capturing small amounts of information to help companies track a hacker’s habits. The hacker’s actions are studied closely to uncover security vulnerabilities.
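As an added illustration (not part of the original article), the Python sketch below shows the kind of small capture described above: a decoy listener that records who connected, when, and the first bytes they sent. The banner text, port 2222 and all function names are assumptions made for this example.

```python
import json
import socket
from datetime import datetime, timezone

BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"  # constructed decoy banner (assumption)
MAX_CAPTURE = 256                    # keep only a small sample per connection


def record_event(peer, data, when=None):
    """Build one log record: source address, time, and first bytes received."""
    when = when or datetime.now(timezone.utc)
    return {
        "time": when.isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(data),
        # latin-1 maps every byte to one character; json.dumps escapes
        # control characters, so raw input cannot corrupt the log line
        "sample": data[:MAX_CAPTURE].decode("latin-1"),
    }


def handle(conn, peer, sink, timeout=5.0):
    """Send the decoy banner, read one short reply, log it, and hang up."""
    conn.settimeout(timeout)
    data = b""
    try:
        conn.sendall(BANNER)
        data = conn.recv(MAX_CAPTURE)
    except OSError:
        pass  # silent or reset clients are still worth logging
    finally:
        conn.close()
    event = record_event(peer, data)
    sink(json.dumps(event))
    return event


def serve(host="127.0.0.1", port=2222, sink=print):
    """Accept connections forever; no legitimate client should ever arrive."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            handle(conn, peer, sink)


if __name__ == "__main__":
    serve()
```

Because nothing legitimate is expected on the decoy port, every logged line is a lead worth reviewing, including connections that send no data at all.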

Research Honeypot

In contrast, a research honeypot gathers a larger amount of information, targeting the motives and specific hacking tactics. Military, research, and government organizations commonly use research honeypots. As the name implies, these honeypots are used to understand the attacks a company could potentially face.

Pure Honeypot

These are full, independent production systems. They offer the implementer real-time tracking of an attacker. These honeypots can be very effective. It is important to implement them subtly, as they can be easy to identify.

A secure system relies on a variety of defense methods. However, as is true of virtually any piece of technology, a honeypot is not foolproof. No defense mechanism is one hundred percent reliable. But if used correctly and sparingly, honeypots can be the perfect strategy for protecting your system from hackers.
