4 Comments

  1. Trish Lee on July 30, 2020 at 2:19 pm

    I love this guy’s accent HAHAHAHAHA.

  2. Sam on July 30, 2020 at 2:22 pm

    This guy with 262k subscribers hardly got any comments– Ouch…

  3. Anirudhha Tiwari on July 30, 2020 at 2:24 pm

    # TRANSCRIPT for the video :

    A honeypot outside the external firewall is useful for tracking attempts to scan or attack the internal network.

    The main advantages of placing the honeypot at this location are that.

    First of all, it does not have any side effects.
    Second, since it attracts and traps attacks to the honey pot, it reduces the amount of traffic, in particular, the attack traffic to the firewall. Therefore, it reduces the number of alerts produced by the external firewall.
    On the other hand, honeypot at this location does not trap internal attackers. A honeypot can also be placed in a DMZ to trap attacks to the public-facing service.
    On the other hand, a honeypot at this location may not be able to trap interesting attacks. This is because a DMZ is typically not fully accessible. That is, other than the well defined public-facing services, no other services are supposed to be available in DMZ. That is if an attacker is attempting to access the honeypot. And the service is not one of these well-defined, public-facing services, the firewall is going to block the traffic.

    Let the firewall allow the traffic to the honeypot. But this would mean that we’re opening up the firewall.
    And this is a security risk. We can also place the honeypot in the internal network alongside with servers and workstations.
    The main advantages here are that it can catch internal attacks.
    It can also detect a misconfigured firewall that forwards impermissible traffic from the internet to the internal network.
    On the other hand, unless we can completely trap the attacker within the honeypot.
    The attack may be able to reach other internal systems from the honeypot.
    In addition, in order to continue to attract and trap the attackers to the honeypot, we must allow his attack traffic from the internet to their honeypot. This means that we must open up the firewall to allow the attack traffic to come from the Internet to the internal network, and this carries a huge security risk.

  4. kruthika bhat on July 30, 2020 at 2:40 pm

    Hello,is there any possibility to set up a snort in a server and redirect the packets which generate alerts to a honeypot?If yes,how can it be done?

Leave a Comment