There are two types of honeypots- high and low interaction. Which of these describes a low interaction honeypot?
Select the best answers.
A.
Emulators of vulnerable programs
B.
More likely to be penetrated
C.
Easier to deploy and maintain
D.
Tend to be used for production
E.
More detectable
F.
Tend to be used for research
Explanation:
A low interaction honeypot would have emulators of vulnerable programs, not the real programs. A high interaction honeypot is more likely to be penetrated as it is running the real program and is more vulnerable than an emulator.
Low interaction honeypots are easier to deploy and maintain. Usually you would just use a program that is already available for download and install it. Hackers don’t usually crash or destroy these types of programs and it would require little maintenance. A low interaction honeypot tends to be used for production. Low interaction honeypots are more detectable because you are using emulators of the real programs. Many hackers will see this and realize that they are in a honeypot. A low interaction honeypot tends to be used for production. A high interaction honeypot tends to be used for research.
Aren’t ALL honeypots used for research, of some type or the other? why else would you install them, unless they’re saying they’re only used to divert attacks, which is not why most are used. 99% of definitions will tell you both are used for research and especially a LOW INTERACTION with tools like HONEYD. In either case, you let a hacker try things so you can study what he went after, how he is trying it, and you record their IPs. And what does it mean that only the low interaction is used for production? I don’t get that.