The main problem with which the development of IoT is associated is security. Cybercriminals are constantly trying to hack into remote patient monitoring devices, databases with information about people's health, intelligent car control systems, commit phishing attacks, upload viruses to hacked devices, and even commit entire sabotage in factories. Therefore, market participants in the IoT market need to learn how to protect their systems.

You no longer need to be afraid that you forgot to turn off the iron or the tap - just press a button on your smartphone, and the smart home will fix everything. Or you don’t have to press, because the house is so smart that it will put everything in order itself, and send a notification to the owner about the result. A computer vision surveillance system will recognize everyone who passes by your apartment and compare the images with the police base.

Today, a smart home is basically an intelligent assistant that turns on music, searches for information on the Internet, recommends movies, adjusts the lighting and temperature in the house, and turns on the kettle.

Ideally, it's best to only use high-level honeypots. Unfortunately, due to the large number of attacks, such honeypots do not scale, and each new connection requires a reconfiguration of the environment. Therefore, honeypots of the middle level of interaction are most often used; among them, the most popular open source projects are Cowrie and Dionaea.

We work with honeypots of all three types; in addition, we have created a separate type of honeypot - sensory, which we will discuss in more detail below.

When dealing with honeypots, you should always keep security in mind: a vulnerable or attacked system can put you and others at risk.

When deploying traps, an important step is network planning and a clear definition of what activity needs to be monitored and how data will be collected and processed. Over the years, we have built a honeypot infrastructure that is constantly being expanded and optimized. We have developed our own modular approach for efficient system management, updates and data processing. The main idea is to be able to easily deploy multiple honeypots while minimizing maintenance costs.

There are three common types of honeypots:

Honeypots with a low level of interaction. These hooks simulate services such as Telnet, SSH, and web servers. An attacker or attacking system mistakes the honeypot for a real vulnerable system and installs the payload.

Interaction honeypots also simulate vulnerable systems, but they are more functional than the simplest traps.

High-level interaction honeypots. These are real systems that require additional steps on the part of the administrator to limit malicious activity and avoid compromising other systems. Their advantage is that they can run on a POSIX-compliant system. This means that attempts to identify hosts that use techniques not yet emulated by low-interaction honeypots will not work against such a trap, and attackers will be convinced that they have hit a real device.