Honeypots

Just as honey attracts bears, a honeypot is designed to attract hackers. Honeypots have no production value. They are set up specifically for the following purposes:

  • Providing advance warning of a real attack
  • Tracking the activity and keystrokes of an attacker
  • Increasing knowledge of how hackers attack systems
  • Luring the attacker away from the real network

A honeypot consists of a single computer that appears to be part of a network, but is actually isolated and protected. Honeypots are configured to appear to hold information that would be of value to an attacker. Honeypots can be more than one computer. When an entire network is designed around the principles, it is called a honeynet. A honeynet is two or more honeypots. The idea is to lure the hacker into attacking the honeypot without him knowing what it is. During this time, the ethical hackers can monitor the attacker’s every move without him knowing. One of the key concepts of the honeypot is data control. The ethical hacker must be able to prevent the attacker from being able to use the honeypot as a launching point for attack and keep him jailed in the honeypot. To help ensure that the hacker can’t access the internal network, honeypots can be placed in the DMZ or on their own segment of the network.Two examples of this are shown in fig.

Two examples of honeypot placements.

Honeypots

A great resource for information about honeypots is “The Honeynet Project,” which can be found at www.honeynet.org. This nonprofit group of security professionals has dedicated itself to studying the ways that honeypots can be used as a research and analysis tool to increase the ability for ethical hackers to defend against attacks.