A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems or a passive means of network defense against attack.

Generally it consists of a computer, data, or a network site that appears to be part of a network but which is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource that would be of value to attackers.

Why use a honeypot?

  • Security Analyst can use the information gained on a honeypot to see who is attacking the computer. This in turn allows for the possible blacklisting of the IP address at the firewall level to filter the malicious attacker.
  • Analyst can also use the information gathered to see the attacking technique used to gain access to the computer. This information becomes valuable to security analyst and helps to prevent attacks on real servers.
  • Honeypots can provide an early defense alert. The attack can be a warning of future attacks.
  • Honeypots deflect the attention of the attacker away from ‘real’ servers.
  • Logs provide information on the extent of an attack by users.