HoneyClients: Honeypots in the last decade have become one of the most effective ways to counter cyber attacks that threaten the security and privacy of millions of people worldwide
- by Sanjeev-
- Oct 04, 2019 12:45
Honeypots in the last decade have become one of the most effective ways to counter cyber attacks that threaten the security and privacy of millions of people worldwide. More than just a game of waiting and watching, this mechanism is an active defense against every move hackers make because it is all about letting the hackers come to you while you keep a close eye on their activity.
While there are many types of Honeypots like Low Interaction Honeypot (also called Honeyd and lets the hackers use the limited number of applications which are prone to cyber-attacks), High Interaction Honeypot (used with high risk by allowing full access to system and software to hackers in a subnet called Honeynet), there’s another type of honeypot which is a little difficult be put into a category because it is actually a security device which is designed to counter the servers that attack clients.
Since the above mentioned two types of are deemed too expensive with only a marginal gap if you go for a slightly different method, this device is perfectly suitable for individual clients who have the same rights to have their personal data secured as much as the larger organizations and businesses. This device is called Honeypot Client or HoneyClient. The basic functions of a Honeyclient are to engage with the malicious servers that are programmed to attack the clients. They do what they are made to do, pose as clients and invite hackers to attack. After doing that they can interact with the server to find out if any client has been attacked by it.
As it is designed for individual clients, the main area of functioning of a HoneyClient is the browser. HoneyClients also come in the forms of High Interaction mode and Low Interaction mode.
• In the High Interaction HoneyClients, the system is analyzed after the interaction with the malicious server has happened and the session is terminated. If there is even a single change in any of the files or a presence of a new one in the system after the session is over, the server is deemed malicious.
• Low Interaction HoneyClients are relatively better performers than the High Interaction HoneyClients and can be analyzed in real-time but with little guarantee of success since they can miss out on an ongoing attack and are also easy to detect by the hackers who can in return exploit them.