Research Honeypots
A honeypot that is used to gather information about attackers, attack patterns and techniques. For example, a series of poorly secured web servers that have many vulnerabilities may be deployed by a government or information security firm to improve products or gather information.Pure Honeypots
A full copy of a production system, typically stripped of sensitive data. For example, an instance of a banking website that is fully function but that doesn't connect to real customer data. If you are able to detect an attack you might forward the attackers to a pure honeypot as opposed to blocking them. This allows you to collect data and waste an attacker's time and resources.High Interaction Honeypots
A honeypot that simulates a production system, often with slow response times designed to slow attacks.Low Interaction Honeypots
A honeypot that doesn't behave like a production system but is designed to be scalable and resource efficient. This may be used as a distraction that is relatively inexpensive.Malware Honeypots
Simulation of resources that malware commonly tries to exploit such as an outdated API that contained security flaws.Spam Honeypots
Simulation of resources such as open mail relays that spammers commonly exploit.Email Trap
An email that is published to detect spam. For example, an email may be published on a web page in a way that isn't obvious to users but gets picked up by email scrapers.Spider Trap
A resource designed to detect web crawlers, also known as web spiders. For example, a link on a page designed to be invisible to users will commonly be picked up by spiders.Database Honeypot
A fake database may be used by security features such as database firewalls when they detect an intrusion attempt.Honeynets
A network of honeypots. For example, an intrusion detection system might deploy an entire virtual network of insecure resources in order to detect a variety of attack patterns.Advanced Measures
Honeypots may be set up by information security experts in order to detect advanced persistent threats. For example, a fake table with an attractive name such as "CUSTOMER_PASSWORD" could be inserted to a database with queries to the table triggering security notifications.Overview: Honeypot | ||
Type | ||
Definition | A fake resource that is used to detect or divert information security attacks. | |
Etymology | An analogy to a bear being attracted and distracted by honey. | |
Related Concepts | Advanced Persistent ThreatData Breach Defensive Computing Information SecurityPassive Attack |