Honeypot Deployment

This video is part of the Udacity course "Intro to Information Security". Watch the full course at www.udacity.com/course/ud459

Comments: 12

  • @AnirudhhaTiwari
    @AnirudhhaTiwari 4 years ago

    # TRANSCRIPT for the video:

    A honeypot outside the external firewall is useful for tracking attempts to scan or attack the internal network. The main advantages of placing the honeypot at this location are these. First of all, it does not have any side effects. Second, since it attracts and traps attacks to the honeypot, it reduces the amount of traffic, in particular, the attack traffic to the firewall. Therefore, it reduces the number of alerts produced by the external firewall. On the other hand, a honeypot at this location does not trap internal attackers.

    A honeypot can also be placed in a DMZ to trap attacks to the public-facing service. On the other hand, a honeypot at this location may not be able to trap interesting attacks. This is because a DMZ is typically not fully accessible. That is, other than the well-defined public-facing services, no other services are supposed to be available in the DMZ. That is, if an attacker is attempting to access the honeypot, and the service is not one of these well-defined, public-facing services, the firewall is going to block the traffic. Let the firewall allow the traffic to the honeypot. But this would mean that we're opening up the firewall. And this is a security risk.

    We can also place the honeypot in the internal network alongside servers and workstations. The main advantages here are that it can catch internal attacks. It can also detect a misconfigured firewall that forwards impermissible traffic from the internet to the internal network. On the other hand, unless we can completely trap the attacker within the honeypot, the attack may be able to reach other internal systems from the honeypot. In addition, in order to continue to attract and trap the attackers to the honeypot, we must allow his attack traffic from the internet to their honeypot. This means that we must open up the firewall to allow the attack traffic to come from the Internet to the internal network, and this carries a huge security risk.
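An added example, not part of the comment or the course material: a small Python triage of honeypot connection logs that applies the placement trade-offs from the transcript above, in particular that an internal honeypot reveals both internal attackers and a firewall forwarding internet traffic it should block. The address plan, the `placement src_ip dst_port` log format and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed address plan (assumption, not from the video).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/16"),
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
}

# (honeypot placement, source zone) -> what a connection means, following
# the transcript's trade-offs. Unlisted pairs fall back to manual review.
VERDICTS = {
    ("external", "internet"): "scan or attack attempt from the internet",
    ("dmz", "internet"): "attack on a public-facing service",
    ("internal", "internal"): "possible internal attacker",
    ("internal", "internet"): "misconfigured firewall forwarded internet traffic",
}

def zone_of(addr):
    """Return the zone an address belongs to; anything unknown is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def triage(log_lines):
    """Parse 'placement src_ip dst_port' lines and label each connection."""
    results = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3 or parts[0].startswith("#"):
            continue  # skip blank, comment and malformed lines
        placement, src, port = parts
        verdict = VERDICTS.get((placement, zone_of(src)),
                               "unexpected path, review manually")
        results.append((placement, src, int(port), verdict))
    return results

# Constructed sample honeypot connection log (documentation address ranges).
SAMPLE_LOG = """
external 203.0.113.9 22
dmz 198.51.100.20 80
internal 10.0.4.7 445
internal 203.0.113.9 3389
internal 192.168.50.12 22
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG.splitlines()):
        print(*row, sep="  ")
```
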

  • @himanisingh8478
    @himanisingh8478 3 years ago

    Thanks Aniruddha :)

  • @kruthikabhat1844
    @kruthikabhat1844 6 years ago

    Hello, is there any possibility to set up a snort in a server and redirect the packets which generate alerts to a honeypot? If yes, how can it be done?

  • @brandonjohns9663
    @brandonjohns9663 3 years ago

    Why would you need to allow traffic through to the internal honeypot? If they can't get to that honeypot with current firewall settings then they shouldn't be able to access other machines within the same network, right?

  • @trishlee1102
    @trishlee1102 7 years ago

    I love this guy's accent HAHAHAHAHA.

  • @bosscs
    @bosscs 6 years ago

    lolllo

  • @marco_evertus
    @marco_evertus 5 years ago

    LOL wat accent is that?

  • @marco_evertus
    @marco_evertus 3 years ago

    @DecentraLife it’s not, I have lived in China for a while and am basically surrounded by Chinese people. It’s very different from a Chinese accent.

  • @marco_evertus
    @marco_evertus 3 years ago

    @DecentraLife most dialects produce very similar accents, it just depends on whether you're from the north or the south. That being said, I have never heard an accent like that.

  • @thenightstreamer4702
    @thenightstreamer4702 1 year ago

    So are attackers getting into the actual network through a honeypot or is it isolated from the real network? Are attackers getting real information or falsified information that appears to be real?

  • @sam-bk8hg
    @sam-bk8hg 6 years ago

    This guy with 262k subscribers hardly got any comments-- Ouch...

  • @nslabs
    @nslabs 1 year ago

    Great video! I've been working on a project that's quite relevant. It's called NeroSwarm, an AI-powered Honeypot-as-a-Service platform. It's been a great resource in emulating open ports and acting as various devices for enhanced threat detection. If anyone here is interested in cybersecurity and how we can better defend our systems, it might be worth checking out.