Intrusion Detection FAQ: What is a honeypot? Why do I need one?
A “honeypot” is a tool that can help protect for network from unauthorized access. The honeypot contains no data or applications critical to the company but has enough interesting data to lure a hacker. A honeypot is a computer on your network the sole purpose is to look and act like a legitimate computer but actually is configured to interact with potential hackers in such a way as to capture details of their attacks. Honeypots are known also as a sacrificial lamb, decoy, or booby trap. The more realistic the interaction, the longer the attacker will stay occupied on honeypot systems and away from your production systems. The longer the hacker stays using the honeypot, the more will be disclosed about their techniques. This information can be used to identify what they are after, what is their skill level, and what tools do they use. All this information is then used to better prepare your network and host defenses. The honeypot can be used to augment the deployment of an IDR system.
