Posts by bonnieshona

    I would advise you to use honeypot.

    Honeypots can be a good way to expose vulnerabilities in major systems. For instance, a honeypot can show the high level of threat posed by attacks on IoT devices. It can also suggest ways in which security could be improved.

    Using a honeypot has several advantages over trying to spot intrusion in the real system. For instance, by definition, a honeypot shouldn't get any legitimate traffic, so any activity logged is likely to be a probe or intrusion attempt.

    That makes it much easier to spot patterns, such as similar IP addresses (or IP addresses all coming from one country) being used to carry out a network sweep. By contrast, such tell-tale signs of an attack are easy to lose in the noise when you are looking at high levels of legitimate traffic on your core network. The big advantage of using honeypot security is that these malicious addresses might be the only ones you see, making the attack much easier to identify.