What is the difference between a sandbox and a honeypot?
An enterprise can use a sandbox to test software. An example of a sandbox is a PC that is isolated from the network and used only for testing software. If you suspect that a specific piece of software contains malware, you run it on that PC first and observe how it behaves there.
A sandbox is good for zero-day malware, because it shows what the software actually does instead of relying on a signature. Note that zero-day malware is very new malware that does not yet have signatures in antivirus software.
A sandbox can also be used for lab and training purposes. By doing this you protect your environment from any mistake or abnormal behaviour.
A honeypot is a device that has security weaknesses and is installed in the network on purpose. A honeypot is used to trap hackers. One condition for a honeypot device is that it must never be able to access other devices, or to serve as a path to other devices. Hackers will think that they have taken control of a PC in the company; they will try to get information from this PC, and they will try to use it to access other devices in the network. They will waste time, and in addition they expose information about themselves (country of origin, IP address, company, purpose of the attack...), so the security team of the enterprise can take the appropriate action, such as blocking them on the firewall/IPS.
A honeynet is similar to a honeypot, but it is a whole network, not just one PC.
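
One way to check the isolation condition above, as an added example that is not from the original post: the script walks an ordered, first-match firewall rule list and reports every rule that lets the honeypot reach an internal range. The rule format, addresses and function name are constructed assumptions, and an implicit deny is assumed at the end of the list.

```python
import ipaddress

def honeypot_leaks(rules, honeypot, internal_nets):
    """Return (rule_number, network) pairs where the honeypot may reach internal space.

    rules: ordered (action, src_cidr, dst_cidr) tuples; first match wins and
    anything left unmatched is denied (assumed rule model, not a real product's).
    """
    hp = ipaddress.ip_address(honeypot)
    undecided = [ipaddress.ip_network(n) for n in internal_nets]
    leaks = []
    for number, (action, src, dst) in enumerate(rules, start=1):
        if hp not in ipaddress.ip_network(src):
            continue  # rule does not apply to traffic sent by the honeypot
        dst_net = ipaddress.ip_network(dst)
        still_undecided = []
        for net in undecided:
            if net.subnet_of(dst_net):       # rule decides this whole range
                matched = net
            elif dst_net.subnet_of(net):     # rule decides only part of the range
                matched = dst_net
                still_undecided.extend(net.address_exclude(dst_net))
            else:                            # disjoint: rule says nothing here
                still_undecided.append(net)
                continue
            if action == "allow":
                leaks.append((number, str(matched)))
        undecided = still_undecided
    return leaks

# Constructed sample data: honeypot in its own segment, two internal ranges.
HONEYPOT = "172.16.99.10"
INTERNAL_NETS = ["10.0.0.0/8", "192.168.0.0/16"]

WEAK_RULES = [
    ("allow", "0.0.0.0/0", "172.16.99.10/32"),     # 1: attackers may reach the honeypot
    ("allow", "172.16.99.10/32", "10.0.5.20/32"),  # 2: honeypot may reach an internal host
    ("deny", "172.16.99.0/24", "10.0.0.0/8"),      # 3: too late, rule 2 already matched
    ("deny", "172.16.99.0/24", "192.168.0.0/16"),  # 4
]
# Corrected list: the honeypot-to-internal allow rule is gone.
FIXED_RULES = [WEAK_RULES[0], WEAK_RULES[2], WEAK_RULES[3]]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("fixed", FIXED_RULES)):
        print(name, honeypot_leaks(rules, HONEYPOT, INTERNAL_NETS))
```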