The translation of the word honeypot is honey pot. InIT security, a honeypot is an easy-to-reach, camouflaged target for deliberately attracting attackers. If such a honeypot is part of a network, it is called a honeynet. Attacks on honeypots or honeynets are precisely logged in order to be able to draw conclusions about defensive measures.
Honeypots and honeynets are not accessed by authorized network users because they are unknown to them and the services installed on them do not serve the actual business purpose. They merely represent a supposedly interesting target for attackers. Networks with built-in security traps are also known as honeynets. To better detect the attack patterns of intruders, security experts use virtual honeypots that simulate networks and intentionally lead attackers to the honeypot by means of deception.
If the honeypot is addressed, all events are logged by it and, depending on the level of interest, an alarm can be triggered. From the logged document, conclusions can be drawn about the attackers' modus operandi and about any new attack techniques. These findings can then be used to ward off such or similar attacks. Deutsche Telekom documents show that more than half of the attacks targeted network security, with the hackers focusing on interfaces for remotecomputermaintenance. A quarter of the attacks were aimed at gaining control over other people's computers, and some were aimed at tapping passwords.
Honeypots are flexible security devices with various security applications. They are not fixed on a specific problem, but can be used many times for information gathering, attack detection and prevention. Honeypots are divided into production honeypots, which are simple to use and can collect a limited amount of information, and research honeypots, which are complex enough to collect and analyze information. While the former are used in companies, the latter are found in research, administrative and military institutions.