Network Essentials Intrusion Detection System

IDS

An Intrusion Detection System (IDS) is a device or software application that monitors network systems for malicious or unauthorized activity and reports it to a centralized management system. An IDS focuses primarily on identifying possible incidents, logging them, and notifying the system administrator in real time.

Comparison to a Firewall

Firewall vs. IDS - Both systems relate to network security. Firewalls look outward and, according to their configuration, limit access between networks to prevent intrusions. An IDS evaluates all network traffic, whether its source is internal or external, and when it suspects that an intrusion has taken place, it logs the incident and issues an alert to the system administrator.

Honeypots

Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations. An organization places them inside the production network alongside its other production servers to improve its overall state of security. Normally, production honeypots are low-interaction honeypots, which are easier to deploy. They give less information about the attacks or attackers than research honeypots do. The purpose of a production honeypot is to help mitigate risk in an organization. The honeypot adds value to the security measures of an organization.

Research honeypots are run by a volunteer, non-profit research organization or an educational institution to gather information about the motives and tactics of the Blackhat community targeting different networks. These honeypots do not add direct value to a specific organization; instead, they are used to research the threats organizations face and to learn how to better protect against those threats. Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.

Based on design criteria, honeypots can be classified as:

  1. Pure honeypots
  2. High-interaction honeypots
  3. Low-interaction honeypots

Pure honeypots are full-fledged production systems. The activities of the attacker are monitored using a casual tap that has been installed on the honeypot's link to the network. No other software needs to be installed. Even though a pure honeypot is useful, stealthiness of the defense mechanisms can be ensured by a more controlled mechanism.

High-interaction honeypots imitate the activities of real systems that host a variety of services, so an attacker may be allowed many services on which to waste his time. According to recent research in high-interaction honeypot technology, multiple honeypots can be hosted on a single physical machine by employing virtual machines. Therefore, even if the honeypot is compromised, it can be restored more quickly. In general, high-interaction honeypots provide more security by being difficult to detect, but they are highly expensive to maintain. If virtual machines are not available, one honeypot must be maintained for each physical computer, which can be exorbitantly expensive. Example: Honeynet.

Low-interaction honeypots simulate only the services frequently requested by attackers. Because they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system, the virtual systems have a short response time, and less code is required, which reduces the complexity of securing the virtual systems.
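To make the low-interaction idea concrete, here is an added example (not code from Network Essentials or any honeypot product) of a listener that simulates nothing but a service greeting and records each connection attempt as a log line that an IDS or log collector could alert on. The class name, the banner text, and the host name in it are hypothetical, and the probe in `demo()` is constructed sample input sent over the loopback interface.

```python
import json
import socket
import threading
import time

# Constructed greeting for the simulated service; not copied from a real product.
FAKE_BANNER = b"220 files.example.internal FTP service ready\r\n"

class LowInteractionHoneypot:
    """Simulates only a service greeting and records each connection attempt."""

    def __init__(self, host="127.0.0.1", port=0):
        self.events = []                # one dict per connection
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, port))    # port 0: the OS picks a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]

    def handle_one(self, timeout=2.0):
        """Accept one connection, send the banner, log the first bytes received."""
        self.sock.settimeout(timeout)
        conn, (src_ip, src_port) = self.sock.accept()
        with conn:
            conn.settimeout(timeout)
            conn.sendall(FAKE_BANNER)
            try:
                data = conn.recv(256)   # bounded read; input is never executed
            except socket.timeout:
                data = b""              # a silent connect is still an event
        event = {
            "time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
            "src_ip": src_ip,
            "src_port": src_port,
            "dst_port": self.port,
            "payload": data.decode("latin-1").encode("unicode_escape").decode("ascii"),
        }
        self.events.append(event)
        return event

def demo():
    """Send one constructed local probe and return the resulting JSON log line."""
    pot = LowInteractionHoneypot()
    worker = threading.Thread(target=pot.handle_one)
    worker.start()
    with socket.create_connection(("127.0.0.1", pot.port), timeout=2.0) as probe:
        probe.recv(128)                     # read the fake banner
        probe.sendall(b"USER admin\r\n")    # constructed sample input
    worker.join()
    pot.sock.close()
    return json.dumps(pot.events[0], sort_keys=True)
```

Because no legitimate user has a reason to connect to the simulated service, every record it produces is worth reviewing, which is why so little code is enough.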

 

 
