Honeypots
How do you catch a mouse? You set a
trap with bait (food the mouse finds attractive) and catch the mouse after it
is lured into the trap. You can catch a computer attacker the same way.
You put up a honeypot for several
reasons:
·
to watch what attackers do, in order to learn about new attacks
(so that you can strengthen your defenses against these new attacks)
·
to lure an attacker to a place in which you may be able to learn
enough to identify and stop the attacker
·
to provide an attractive but diversionary playground, hoping that
the attacker will leave your real system alone
A honeypot has no special features.
It is just a computer system or a network segment, loaded with servers and
devices and data. It may be protected with a firewall, although you want the
attackers to have some access. There may be some monitoring capability, done
carefully so that the monitoring is not evident to the attacker.