Honeynets & Honeypots

How does the Honeynet system operate?

Honeypots are well-placed, vulnerable systems that distract an attacker or enemy from the actual target. By particularly attractive appearances the attacker is lured from the main target in a different direction and by a first "contact" the alarm is triggered in honeynet!

Any traffic to or from the network is suspected by definition, since this is not a productive network. This means, that the Honeypot services are not services offered by the user or his communication partners and are therefore never addressed in normal operation.

The attacker is not able to distinguish between productive systems and honeypots. He is scanning all network components for vulnerabilities - so sooner or later he will use the service offered by a honeypot. The above mentioned contact is logged and an alarm is triggered.

The concept that the network has no productive traffic makes it easier4 to collect and analyze data.

Tasks of a Honeynet or a Honeypot

•     Monitoring
•     Filtering
•     Alerting 7x24
•     System check
•     Countermeasures 7x24 (Optional)

Like all honeypots a Honeynet solves the problem of data flood through simplicity. A Honeynet is made to be compressed and not to analyze the real network traffic.

All traffics into or out of the net are considered as suspicious. Each connection to the Honeynet established from the outside is very likely a test, an attack or another form of malicious activity. Each connection established within the Honeynet to the outside proves that the Honeynet has been compressed. The concept in which the net doesn't exhibit any productive traffic, considerably simplifies data collecting and analyze. 

We install you a company-own Honeypot-Systems and our team gladly offers your support and analyzing.