Hi. Welcome back to the course. So in the last video we wrapped up our high-level discussion of firewalls.
So we're gonna take another high-level approach to what's called honeypots.
So what are honeypots? Well, essentially, these are machines that were put out there on the network, so sometimes they're put externally. Well, a lot of times we put them externally of the network, outside the DMZ. And then also you may or may not, depending on the company, you might see some honeypots internally as well. So basically we're trying to mimic a particular device, and generally a server, something like that.
So we've got two different types, and you may also see, like, medium interaction out there. But in general, in industry, there's just two different types. We've got low interaction or high interaction. So low interaction just has a couple of services running that might be generally used by attackers, so it's just to kind of entice them, like, "Hey, come in and take a look at this."
Now the high interaction that's gonna mimic like a real system that has real data on it.
I mean, at least that's the intent of it. So we want that attacker to come in and just get in that system and be doing all the processes they would do to try to exploit that system. So then we could see kind of the approach a hacker takes, or the criminal hacker takes, and then we can potentially block that on our network.
So we see a little diagram here. We see that there is a honeypot on the external, outside the DMZ, and then also an internal honeypot. Again, that should mimic, you know, maybe like a database server or web mail server, you know, DNS server, you know, whatever the case might be, you know, whatever you're using.
We just want to try to mimic something like that, especially if it's got your valuable data on it. We just want to put something else out there to see: are people breaching our network?
And what are they doing?
So, low interaction honeypot tools. And this is not an all-inclusive list. There's many of these out there.
So, Dionaea, here's a GitHub page for that. You can grab that. Again, the tools we're gonna go over here are all just low, uh, interaction tools.
Glastopf, this one's out of Austria, or developed out of Austria.
So now we've got some different high interaction tools as well. We've got Capture-HPC.
So here's a GitHub for that one.
Excuse me, the Honeynet Project
page where you can download it. And then also we've got, from the Honeynet Project as well, Dockpot is another tool that we can download.
So if you're not familiar with the Honeynet Project, it's a great resource to learn about honeypots. And basically, what they are is they're a non-profit that was created back in the late nineties, and essentially, they have different systems out there on the World Wide Web, and they're basically harvesting data, right? So they're out there and they're setting these up.
Um, and hence the name honeypot, excuse me, honeynet. Right? Because
we've got all these honeypots we're using, and they're basically there to gather information about different attack types. So they're gathering information about malware, or, you know, malware in different forms, you know? So ransomware, worms, that sort of stuff, and then also gathering information about, like, actual attacks that will be done.
Like, you know, what are the tactics they're using? What kinds of tools are they, the criminal hackers, using?
What are the motivations, right? You know, why are they doing this? What does it appear that the reasoning is that they're doing this? So if you haven't heard of them, go check it out. It's just honeynet.org. A lot of good information. They've got papers on there from Black Hat and articles from Black Hat and DEF CON, different security conferences, so you could find out a lot of good information.
So, detecting honeypots, it's really straightforward. I mean, honestly, if you have some common sense and you have some skill, you'll be able to realize quickly that you're in a honeypot. But some generalized things: you're not gonna see any outbound traffic, or the traffic that you do see is not gonna follow a normal pattern like normally what you would see.
Um, also a random machine just randomly sitting out there outside the DMZ that's not a bastion host.
Uh, that's pretty much a giveaway, right? Who really just puts, like, one machine out there?
And then it's too insecure, right? So you could log into that thing, and it says, like, you know, you see a file, it's "super secret passwords." I mean, come on, it's, you know, nobody does that, right? So, you know, just that common sense type of stuff. And also, if you get on the machine there and it just seems like, you know, like, all right, you know, there's all these files here and, like, there's, you know,
there's like nothing blocking me from getting it. That's,
you know, that's the other aspect. And then also, if you know the company, because you should if you're attacking them,
you know, all the reconnaissance you did like if they're very secure,
you know? But there's this one random machine that doesn't make any sense, right? So, like, for example, if you were hacking the Pentagon and, you know, they've got some really, you know, good security in there. At least we hope so, right? Um, but, you know, they've got good security on their network,
and then you find this random machine just sitting there that's got, you know, like, a file that says "classified data." You know, come on, use some common sense and get out of there. It doesn't make any sense.
So one tool you can use for honeypot detection is Send-Safe. And basically what this does is it checks against the list of HTTPS and SOCKS proxies, and basically, based off that list, determines, you know, is this functioning as a honeypot or not? And that's really a lot of,
well, I guess probably not a lot. But some people setting up honeypots with issues, the same proxying,
and so that's kind of where this will come into play. It could detect, like, well, there's multiple things going on with this one, uh,
particular proxy. So it might indicate that it's a honeypot.
So in this video, again, we just really took a very, very high-level overview of honeypots. I do encourage you, if you want to learn more about them, um, just do some, ah, Google or YouTube searching, and you're gonna find a lot of good information out there. And then also honeynet.org has got a ton of good information out there as well.
So in the next module, we're gonna go over IoT, or the Internet of Things.