Q#02 What are the differences between an IDS and honeypot in terms of their functionality?
Ans: The difference between the IDA and the Honeypot in terms of their functionality are as :
IDS Functionality: IDS collect the information from different systems and the network resources for possible security problems. IDS collect and explore the information from the different parts of the computers or network and identify its potential security holes. The Instruction Detection System comprise from both the Internal and External organizations.
Deployment of IDS is easier and doesn’t affect the system resources.
NIDS detect many attacks like TCP SYN attack, fragmented packet attack by checking the headers of the packets.
IDS have real time…show more content… IDS have passive alerting and Active response detection.
IDS audit the sources location by using the Host log files, Network packets, Application log files and IDS sensor alerts.
Honeypot Functionality:
Honeypot detect the unauthorized use of the informantion of the systems. As shown the blow fig the honeypot consist of a computer, data and the network sites that are the part of the networks. Honeypot fooling the attacker that it is a legitimate system. Attacker believe and attack on the system and the attacker doesn’t know that he is being observed.And the when the attacker attempts to compromise the honypot. Honeypot collect the information of the attacker such as the IP address.
Honeypot divided into two parts 1) Production Honeypot and 2) Research Honeypot.
Honeypot collect the higher data valus that are easier to manage and simpler to analyze.
Honeypot reduse the False positives and False negatives.
It also capture the attack or malicious activity if they are encrypted.
It work in the any IP adress environment e.g Ipv4, IPv6.
The functionality of the Honeypot is adaptable. It have the ability to used in the different