Introduction to Honeypots

A honeypot is a closely monitored computing resource that we want to be probed, intruded, attacked, or compromised. A honeypot is defined as "an information system resource whose value lies in unauthorized or illicit use of that resource". A honeypot can capture every action an intruder or attacker makes inside the honeypot. A honeypot can log access attempts, can capture keystrokes, can identify the files accessed and modified, can identify the programs executed within honeypot. If an attacker is unaware that he’s inside a honeypot, we can even identify his ultimate intentions.

Honeypots can be placed inside the network, outside the network or inside DMZ (Demilitarized Zone). They can even be placed in all of the above locations.

Honeypots are necessary to learn how intruders and attackers probe and attempt to gain access to your systems. By learning and recording how intruders and attackers probe and attempt to gain access to the systems, we can gain insight into attack methodologies to protect our real production systems.

Honeypots are also necessary to record and provide forensic information of an attack to government law enforcement agencies. These records generated by the honeypots are required to prosecute the intruders and attackers.