Friday, July 01, 2005

Honeypots

Honeypots are closely monitored network decoys serving several purposes: they can distract adversaries from more valuable machines on a network, they can provide early warning about new attack and exploitation trends, and they allow in-depth examination of adversaries during and after exploitation of a honeypot.

Honeypots are a highly flexible security tool with many different applications. They don't fix a single problem; instead they have multiple uses, such as prevention, detection, or information gathering. All honeypots share the same concept: a security resource that should not have any production or authorized activity. In other words, deployment of honeypots in a network should not affect critical network services and applications. A honeypot is a security resource whose value lies in being probed, attacked, or compromised.

There are two general types of honeypots:
  • Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations;
  • Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.
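
Because a honeypot carries no production or authorized activity, a detector can treat every connection to it as worth reviewing. The sketch below is an added example, not code from the original post: it scans flow records for traffic to decoy addresses and reports which other hosts the same source contacted. The decoy addresses, the record format, and the sample flows are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: these addresses are decoys with no production role.
HONEYPOTS = {ipaddress.ip_address("10.0.5.20"), ipaddress.ip_address("10.0.5.21")}

# Constructed sample flow records, one per line: "timestamp src dst dport"
SAMPLE_FLOWS = """\
2005-07-01T09:00:01 10.0.1.15 10.0.2.10 443
2005-07-01T09:00:07 10.0.3.77 10.0.5.20 22
2005-07-01T09:00:09 10.0.3.77 10.0.5.21 445
2005-07-01T09:00:12 10.0.3.77 10.0.2.10 445
2005-07-01T09:01:30 10.0.1.15 10.0.2.11 80
malformed line
2005-07-01T09:02:00 10.0.4.9 10.0.5.20 23
"""

def parse_flow(line):
    """Return (ts, src, dst, dport), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (parts[0], ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None

def honeypot_alerts(text, honeypots=HONEYPOTS):
    """Flag every flow to a decoy; list non-decoy hosts the same source reached."""
    decoy_hits = defaultdict(list)  # src -> [(ts, decoy, dport)]
    other_dsts = defaultdict(set)   # src -> non-decoy destinations
    for line in text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue  # skip unparseable records rather than abort the scan
        ts, src, dst, dport = rec
        if dst in honeypots:
            decoy_hits[src].append((ts, str(dst), dport))
        else:
            other_dsts[src].add(str(dst))
    return {str(src): {"decoy_hits": hits, "also_contacted": sorted(other_dsts[src])}
            for src, hits in decoy_hits.items()}

if __name__ == "__main__":
    for src, info in honeypot_alerts(SAMPLE_FLOWS).items():
        print(src, info)
```

The `also_contacted` list is what turns a decoy hit into early warning: it names the production hosts to check first for the same source.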