Honeypot

From Citizendium
Revision as of 07:57, 20 March 2010 by Sandy Harris (Talk | contribs) (fix a link, bypass disambig)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

A honeypot is a computer, attached to a network, intended to attract the malicious interest of miscreants. It may attract automated attack software, or deliberate penetration attempts. There are multiple reasons for having honeypots, which have evolved over time. Today's most common application is both as an early warning of attacks specifically intended for a protected resource, and the general capture of attack vectors so countermeasures can be developed.

The first honeypots were visible and intended to attract the notice of humans, with names suggesting they might contain money, erotica, or secrets. This was done at a time when miscreants were primarily motivated by personal challenge, and it became apparent that the psychology of honeypot use could be complex. If a miscreant found he had been tricked into a honeypot, he might become enraged and start a concerted attack. For this reason and others, it is essential that honeypots be as isolated as possible from actual resources. Often, they are "air gapped", having no physical connection to an internal network.

Honeypots can also be deployed completely within an inside network, to detect trusted abusers of resources.

Honeypots and sinkholes have some commonality of use, in that they both provide targets for attack. The honeypot, however, is more isolated yet made to be more attractive, where sinkholes are more an automated protective mechanism for diverting large-scale attacks.