Types of Honeypots - Low Interaction Honeypots and High Interaction Honeypots

Low Interaction Honeypots

Low Interaction Honeypots allow only limited interaction for an attacker or malware. All services offered by a Low Interaction Honeypots are emulated. Thus Low Interaction Honeypots are not themselves vulnerable and will not become infected by the exploit attempted against the emulated vulnerability.

High Interaction Honeypots

High Interaction Honeypots make use of the actual vulnerable service or software. High-interaction honeypots are usually complex solutions as they involve real operating systems and applications. In High Interaction Honeypots nothing is emulated everything is real. High Interaction Honeypots provide a far more detailed picture of how an attack or intrusion progresses or how a particular malware execute in real-time. Since there is no emulated service, High Interaction Honeypots helps in identifying unknown vulnerabilities. But High Interaction Honeypots are more prone to infections and High Interaction Honeypots increases the risk because attackers can use these real honeypot operating systems to attack and compromise production systems.