High-Interaction Honeypots
High-interaction honeypots are the extreme of honeypot technologies. They give us a vast amount of information about attackers, but they are extremely time consuming to build and maintain, and they come with the highest level of risk. The goal of a high-interaction honeypot is to give the attacker access to a real operating system where nothing is emulated or restricted. The opportunities to learn here are incredible, as demonstrated in Figure 5-2. We can discover new tools, identify new vulnerabilities in operating systems or applications, and learn how blackhats communicate among one other. The possibilities are almost limitless, making high-interaction honeypots an extremely powerful weapon.
To create such an environment, ...
Get Honeypots: Tracking Hackers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
