Strange features. Honeypots can have some strange features, which are generally intended to capture more information about possible attackers. KFSensor has the most features of any honeypot in this review, but HoneyPoint wins the award for the strangest. HoneyPoint Trojans and HoneyBees (see the accompanying review) are awkward attempts to offer false lures -- namely, fake binary programs and fake Web and email traffic -- that MicroSolved hopes will lead to more specific information in tracking hackers. I'm doubtful of their overall usefulness, but at least MicroSolved is not providing tools to break into the remote hacker's computers as some past honeypot manufacturers have. Attacking an attacker is not only unethical, but illegal in most countries. HoneyPoint Trojans and HoneyBees do not cross that line.
The sweetest honeypot
KFSensor has long been the established leader in the honeypot world, and this hasn't changed. KFSensor is still the easiest and most feature-rich honeypot among the competition. Its single glaring weakness is the lack of built-in reports. Many honeypots, especially ones with distributed sensors and enterprise features, expect companies to have their own reporting tools and information needs. Still, a few basic reports would go a long way. HoneyPoint offers 10 basic reports, and Honeyd's open source community has offered simple add-ons to get the essential reporting functionality for some time.
HoneyPoint combines multi-platform support, built-in reports, alert tracking, and some unique features designed to trip up attackers, but it falls short of KFSensor in both functionality and ease of use. Honeyd is the most flexible and efficient honeypot you'll find, but also the most difficult to install and configure. Linux/Unix shops may be undaunted by the challenging setup, and attracted by the free price tag, but they too will likely be better served by KFSensor. Although KFSensor installs only on Windows, it can emulate the ports and services in a Linux/Unix environment (though not at the network stack level like Honeyd).
You can read the individual, more detailed reviews at the links below. No matter which honeypot product you choose to run, or even if you simply turn an old computer into an early-warning system, your modest investment in time or money will pay off in more reliable security and greater peace of mind. Because when your firewall, IDS, antivirus software, and other security defenses fail -- and they all fail every now and then -- your honeypot will alert you to the problem. Setting up a simple honeypot is a small price to pay for a second line of defense.
Read the honeypot reviews:
- KFSensor: Sweet Windows honeypot
- HoneyPoint: A honeypot for Windows, Linux, or Mac OS X
- Honeyd: The open source honeypot
- Honeypots by the features: KFSensor, HoneyPoint, and Honeyd
This story, "Intrusion detection honeypots simplify network security," was originally published at InfoWorld.com. Follow the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com.