Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Honeypot (computing)
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Risks == The goal of honeypots is to attract and engage attackers for a sufficiently long period to obtain high-level [[Indicator of compromise|Indicators of Compromise]] (IoC) such as attack tools and [[Terrorist Tactics, Techniques, and Procedures|Tactics, Techniques, and Procedures]] (TTPs). Thus, a honeypot needs to emulate essential services in the production network and grant the attacker the freedom to perform adversarial activities to increase its attractiveness to the attacker. Although the honeypot is a controlled environment and can be monitored by using tools such as honeywall,<ref>{{Cite web|title=Honeywall CDROM β The Honeynet Project|url=https://www.honeynet.org/projects/old/honeywall-cdrom/|access-date=2020-08-07|language=en-US|archive-date=2022-10-11|archive-url=https://web.archive.org/web/20221011002345/https://www.honeynet.org/projects/old/honeywall-cdrom/|url-status=dead}}</ref> attackers may still be able to use some honeypots as pivot nodes to penetrate production systems.<ref>{{Cite book|author=Spitzner, Lance|title=Honeypots Tracking Hackers|date=2002|publisher=Addison-Wesley Professional|oclc=1153022947}}</ref> The second risk of honeypots is that they may attract legitimate users due to a lack of communication in large-scale enterprise networks. For example, the security team who applies and monitors the honeypot may not disclose the honeypot location to all users in time due to the lack of communication or the prevention of insider threats.<ref>{{Cite journal|last1=Qassrawi|first1=Mahmoud T.|author2=Hongli Zhang|date=May 2010|title=Client honeypots: Approaches and challenges|url=https://ieeexplore.ieee.org/document/5488508|journal=4th International Conference on New Trends in Information Science and Service Science|pages=19β25}}</ref><ref>{{Cite web|title=illusive networks: Why Honeypots are Stuck in the Past {{!}} NEA {{!}} New Enterprise Associates|url=https://www.nea.com/blog/illusive-networks-why-honeypots-are-stuck-in-the-past|access-date=2020-08-07|website=www.nea.com}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)