Honeypot

A honeypot is a security mechanism that creates a fake target to attract attackers. By mimicking legitimate systems, honeypots lure attackers away from real assets while providing valuable intelligence about attack methods, tools, and motivations.

Types of honeypots:

• Low-interaction: Simulate limited services and capture basic attack data
• High-interaction: Full systems that allow deeper attacker engagement
• Production honeypots: Deployed within production networks to detect intrusions
• Research honeypots: Used to study attack techniques and trends
• Honeynets: Networks of honeypots simulating an entire infrastructure
• Deception platforms: Commercial solutions deploying decoys across the network

Honeypot use cases:

• Early warning: Detect attackers who have breached the perimeter
• Threat intelligence: Understand attacker tools, techniques, and procedures
• Lateral movement detection: Catch attackers moving through the network
• Credential theft detection: Detect use of planted fake credentials (honey tokens)
• Diversion: Waste attacker time and resources on fake targets

Deployment considerations:

• Place honeypots where attackers are likely to explore
• Make honeypots convincing but clearly not real to internal staff
• Monitor honeypot activity continuously (any access is suspicious)
• Isolate honeypots from production systems
• Use honey tokens (fake credentials, files) alongside honeypot systems
• Document and maintain honeypots to prevent confusion