Strange features. Honeypots can have some strange features, which are generally intended to capture more information about possible attackers. KFSensor has the most features of any honeypot in this review, but HoneyPoint wins the award for the strangest. HoneyPoint Trojans and HoneyBees (see the accompanying review) are awkward attempts to offer false lures -- namely, fake binary programs and fake Web and email traffic -- that MicroSolved hopes will lead to more specific information in tracking hackers. I'm doubtful of their overall usefulness, but at least MicroSolved is not providing tools to break into the remote hacker's computers as some past honeypot manufacturers have. Attacking an attacker is not only unethical, but illegal in most countries. HoneyPoint Trojans and HoneyBees do not cross that line.
The sweetest honeypot
KFSensor has long been the established leader in the honeypot world, and this hasn't changed. KFSensor is still the easiest and most feature-rich honeypot among the competition. Its single glaring weakness is the lack of built-in reports. Many honeypots, especially ones with distributed sensors and enterprise features, expect companies to have their own reporting tools and information needs. Still, a few basic reports would go a long way. HoneyPoint offers 10 basic reports, and Honeyd's open source community has offered simple add-ons to get the essential reporting functionality for some time.
HoneyPoint combines multi-platform support, built-in reports, alert tracking, and some unique features designed to trip up attackers, but it falls short of KFSensor in both functionality and ease of use. Honeyd is the most flexible and efficient honeypot you'll find, but also the most difficult to install and configure. Linux/Unix shops may be undaunted by the challenging setup, and attracted by the free price tag, but they too will likely be better served by KFSensor. Although KFSensor installs only on Windows, it can emulate the ports and services in a Linux/Unix environment (though not at the network stack level like Honeyd).
You can read the individual, more detailed reviews at the links below. No matter which honeypot product you choose to run, or even if you simply turn an old computer into an early-warning system, your modest investment in time or money will pay off in more reliable security and greater peace of mind. Because when your firewall, IDS, antivirus software, and other security defenses fail -- and they all fail every now and then -- your honeypot will alert you to the problem. Setting up a simple honeypot is a small price to pay for a second line of defense.
Read the honeypot reviews:
- KFSensor: Sweet Windows honeypot
- HoneyPoint: A honeypot for Windows, Linux, or Mac OS X
- Honeyd: The open source honeypot
- Honeypots by the features: KFSensor, HoneyPoint, and Honeyd
This story, "Intrusion detection honeypots simplify network security," was originally published at InfoWorld.com. Follow the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com.