Honeypots

Honeypots are typically used in one of two main fashions: as part of an organization’s computer network monitoring and defense, and by security researchers who are trying to keep up with the activities of blackhats.

Production environment Honeypots deployed in a production environment serve to alert ad- ministrators to potential attacks in real time. Because of the advanced level of logging and information that is available on a honeypot, better defenses against the attacks may be able to be devised for implementation on the real servers. Production honeypots tend to be reactive in nature.

Research environment In a research environment, security analysts are trying to figure out what the next generation of attacks by malicious users will be. These honeypots can be quite dynamic, as they are adjusted and tweaked to lure attackers and respond to new attack strategies. Often a research honeypot is actively monitored by a person in real time.