Summary

In this chapter we have attempted to classify honeypots based on their level of interaction. Level of interaction defines how much functionality or activity an attacker can have with a honeypot. The more interaction available to the attacker, the more you can learn about the attacker. However, the greater the interaction, the more work it takes to deploy and maintain the honeypot and, in general, the greater the risk to your systems. A low-interaction honeypot may simply monitor several ports. This capability is easy to deploy and maintain, but it is limited in the information it can capture. High-interaction honeypots are the opposite: there is little or no emulation. Instead, attackers are given access to entire operating systems. ...
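To make the low-interaction end of that scale concrete, here is an added example (not code from the book) of a listener that only monitors ports, which shows how little such a honeypot records: time, source, destination port, and the first bytes the client sends. The function names, the loopback address, and the OS-assigned ports are assumptions chosen so the sketch runs offline.

```python
import selectors
import socket
import time

def open_listeners(ports, host="127.0.0.1"):
    """Bind one TCP listener per port (0 = let the OS pick a free port)."""
    sel = selectors.DefaultSelector()
    for port in ports:
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind((host, port))
        srv.listen(16)
        sel.register(srv, selectors.EVENT_READ)
    return sel

def capture(sel, max_events, timeout=2.0, peek=64):
    """Log connection attempts. No service is emulated and nothing is sent back."""
    events, deadline = [], time.monotonic() + timeout
    while len(events) < max_events and time.monotonic() < deadline:
        for key, _ in sel.select(timeout=0.1):
            conn, (src_ip, src_port) = key.fileobj.accept()
            conn.settimeout(0.2)
            try:
                first = conn.recv(peek)   # whatever the client volunteers first
            except OSError:               # silent or reset client
                first = b""
            finally:
                conn.close()
            events.append({"time": time.time(), "src": src_ip, "src_port": src_port,
                           "dst_port": key.fileobj.getsockname()[1], "first_bytes": first})
    return events

def demo():
    """Constructed probes against two loopback listeners; returns (ports, events)."""
    sel = open_listeners([0, 0])
    listeners = [key.fileobj for key in sel.get_map().values()]
    ports = [s.getsockname()[1] for s in listeners]
    clients = [socket.create_connection(("127.0.0.1", p)) for p in ports]
    clients[0].sendall(b"GET / HTTP/1.0\r\n\r\n")  # second client stays silent
    events = capture(sel, max_events=2)
    for s in clients + listeners:
        s.close()
    sel.close()
    return ports, events

if __name__ == "__main__":
    for e in demo()[1]:
        print(e)
```

Because the listener never answers, the record stops at the client's opening bytes; anything an attacker would do after a service responded is outside what this level of interaction can capture.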
