Hey, everyone, it's Ken Underhill, Master Instructor at Cybrary. In this video, we're gonna talk about web defense.
So what are honeypots? Well, they're primarily used to gather information about the different attack methods that attackers use, the motives and tactics. So it could be individual attackers. It could be a group of attackers. But basically the whole concept here is we put these machines out there, or these virtual images, these virtual machines out there, for attackers to go and do their thing on, so to speak.
And honeypots vary from low interaction to high interaction. So some of them are just kind of like, hey, here's all these special files you can get, and other ones are actually based off the attacker's actions, actually responding to that and allowing them to get different things. So most good attackers out there can see when they're in the honeypot.
Uh, you're more so gonna get, like, script kiddies and maybe, like, the botnet type of stuff, the bot attacks, that will really get in your honeypot. So the whole goal here is either to detect, you know, something that's occurring with an attacker, so kind of detecting, as I mentioned, their methods. Uh, and then also honeypots are used to deflect, so I may put out some honeypots to try to get you to go attack that instead of my web server, as an example.
There are many different honeypots out there. One thing that you can use if you're kind of entry level, and even if you're experienced, is what's called T-Pot. So that's actually, uh, a collection of honeypots, and it's created by T-Mobile. So I always like to say you can get a cell phone and honeypots in one spot. Anyways, I don't actually use T-Mobile, by the way, but, uh, I thought it was funny, and that's all that matters.
All right, so inside of T-Pot there's many different honeypots, as I mentioned. Uh, so we've got several different ones here. We've got Conpot. Now, that one, just remember ICS/SCADA. So ICS/SCADA. Uh, it's a low interaction honeypot and is designed to emulate industrial control systems. So just remember that with Conpot; that'll be important later on.
We've got Cowrie. It's, ah, basically a medium interaction honeypot. It's designed for logging brute force attacks and also shell interaction. So, you know, shells using things like Telnet or SSH.
We've got Dionaea. That one is gonna be a low interaction honeypot that basically emulates vulnerable systems that might be running protocols like SMB, FTP, TFTP, MSSQL, MySQL, HTTP, et cetera, et cetera. We've got Elasticpot, that's designed to capture attacks on Elasticsearch.
We've got eMobility, which is, ah, a high interaction honeypot that's designed to simulate a transport infrastructure environment. So it's gonna contain things like charging points and also a central web interface.
We've got Glastopf, which is a low interaction honeypot designed to simulate a large amount of different web vulnerabilities. So things like LFI or RFI, even different types of injection, things like SQL injection.
We've got Honeytrap, which is a low interaction honeypot that's designed to observe attacks against TCP or UDP services. Mailoney, that one's a low interaction honeypot designed to emulate SMTP services, and it also collects information on attacks against the mail server.
Rdpy is designed to emulate the RDP protocol, so hence the name. And then vnclowpot, a low interaction honeypot, which listens to RDP requests and logs responses. So again, you could grab T-Pot. It's easy. Uh, you just need either an Ubuntu or Debian Linux, preferably Debian Linux, image. We're not gonna cover that in this particular module or in this course; that's a little outside the scope.
But just know that honeypots at the high level are designed to either, number one, collect information about what the attackers are doing, whether that's, you know, low interaction, high interaction, et cetera. But just collecting information about what the attackers are doing, or their different methods. And then number two, it's used to kind of deflect away from valuable stuff, right? So we may put out several honeypots. We might put them external, or we might put them internal, or a combination of both.
Of course, a drawback of just only having external honeypots would be the fact that if I've already breached your network, you're never going to see essentially what I'm doing, right, because I'm inside your internal network.
So most large organizations are gonna put them in different spots, and they'll also segment them out and create separate VLANs for their network and then put fake honeypots, well, not fake honeypots, but put honeypots on them to try to attract, you know, malicious users that way.
There are some other, there are some product solutions out there from vendors that will do all of the stuff. You don't have to manually configure everything. But again, this is kind of outside the scope of this particular course.
So just a quick post-assessment question here. David's working in the ICS space, or the industrial control systems space, and he wants to find a low interaction honeypot that will emulate industrial control systems. So which of the following here should he choose?
All right, so this one was kind of an easy one. If you paid attention to what I said earlier, we know the answer here is B, Conpot. So again, Conpot is that low interaction honeypot that's gonna emulate ICS systems.
In Honeypot Fundamentals, Ken Underhill covers what honeypots are and what they are used for. We will learn about T-pot and various forms of T-pot, which are generally used according to the type of network.