Which of the following honeypots provides an attacker access to the real operating system without
any restriction and collects a vast amount of information about the attacker?
A. High-interaction honeypot
B. Medium-interaction honeypot
C. Honeyd
D. Low-interaction honeypot
Explanation:
A high-interaction honeypot offers a vast amount of information about attackers. It provides an
attacker access to the real operating system without any restriction. A high-interaction honeypot is
a powerful weapon that provides opportunities to discover new tools, to identify new vulnerabilities
in the operating system, and to learn how blackhats communicate with one another.
Answer option D is incorrect. A low-interaction honeypot captures limited amounts of information
that are mainly transactional data and some limited interactive information. Because of simple
design and basic functionality, low-interaction honeypots are easy to install, deploy, maintain, and
configure. A low-interaction honeypot detects unauthorized scans or unauthorized connection
attempts. A low-interaction honeypot is like a one-way connection, as the honeypot provides
services that are limited to listening ports. Its role is very passive and does not alter any traffic. It
generates logs or alerts when incoming packets match its patterns.
Answer option B is incorrect. A medium-interaction honeypot offers richer interaction capabilities
than a low-interaction honeypot, but does not provide any real underlying operating system target.
Installing and configuring a medium-interaction honeypot takes more time than a low-interaction
honeypot. It is also more complicated to deploy and maintain as compared to a low-interaction
honeypot. A medium-interaction honeypot captures a greater amount of information but comes
with greater risk.
Answer option C is incorrect. Honeyd is an example of a low-interaction honeypot.
High-interaction honeypot