Brief Overview On Honeypots
Honeypots are closely monitored network decoys serving several
purposes: they can distract adversaries from more valuable
machines on a network, they can provide early warning about new
attack and exploitation trends and they allow in-depth
examination of adversaries during and after exploitation of a
honeypot.
Honeypots are a highly flexible security tool. Rather than
serving a single purpose, they have multiple uses, such as
prevention, detection, or information gathering.
Honeypots all share the same concept: a
security resource that should not have any production or
authorized activity. In other words, deployment of honeypots in
a network should not affect critical network services and
applications.
There are two general types of honeypots:
Production honeypots are easy to use, capture only limited
information, and are used primarily by companies or
corporations. Research honeypots are complex to deploy and
maintain, capture extensive information, and are used primarily
by research, military, or government organizations.
The term prevention means to keep attackers out. Honeypot
resources do that by keeping the attackers busy. As long as an
attacker wastes his time on a honeypot, he cannot attack
production systems. Attackers do not like to be under
surveillance. They are often scared off if they are aware of the
presence of deception systems.
Production systems have to run all day long and do not allow an
in-depth examination. Their normal activity also pollutes the
information gathered about the attacker, which makes it hard to
reproduce the incident. After an incident, a honeypot can be
taken offline without concern and stripped down for further
investigation. This allows you to get maximum information from
the data recorded. Honeynets and honeypots are therefore quite
useful tools for computer security.
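
The detection idea above (a honeypot has no authorized activity, while production traffic is mixed with normal use) can be shown in a short added example, which is not part of the original page. The decoy address, the flow-record format and the sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed decoy address; by definition nothing legitimate talks to it.
HONEYPOTS = {ipaddress.ip_address("10.0.5.250")}

# Constructed sample flow records: "timestamp src dst dport"
SAMPLE_FLOWS = """\
2024-05-01T10:00:01 10.0.1.15 10.0.2.10 443
2024-05-01T10:00:03 10.0.1.22 10.0.2.10 443
2024-05-01T10:00:07 10.0.1.77 10.0.5.250 22
2024-05-01T10:00:09 10.0.1.77 10.0.5.250 445
2024-05-01T10:00:12 10.0.1.77 10.0.2.10 445
2024-05-01T10:00:15 10.0.1.15 10.0.2.11 5432
not-a-flow-record
"""

def parse_flows(text):
    """Yield (ts, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (parts[0], ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]), int(parts[3]))
        except ValueError:
            continue

def triage(text, honeypots=HONEYPOTS):
    """Return {source: {"decoy_hits": [...], "production_hits": [...]}}
    for every source that touched a honeypot."""
    flows = list(parse_flows(text))
    # Pass 1: every flow to a decoy is an alert; there is no baseline to subtract.
    suspects = {src for _, src, dst, _ in flows if dst in honeypots}
    report = defaultdict(lambda: {"decoy_hits": [], "production_hits": []})
    # Pass 2: pull the same sources' flows out of the noisy production traffic.
    for ts, src, dst, dport in flows:
        if src in suspects:
            key = "decoy_hits" if dst in honeypots else "production_hits"
            report[str(src)][key].append((ts, str(dst), dport))
    return dict(report)

if __name__ == "__main__":
    for src, hits in triage(SAMPLE_FLOWS).items():
        print(src, hits)
```

The decoy hits need no allowlist or baseline to interpret, and they tell the analyst which source to search for in the production records.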