ABSTRACT

Honeypots can be used to capture and analyze automated attacks, such as worms, or to act as early indication and warning sensors. Honeypots can also be used to analyze the activities of the blackhat community by capturing the keystrokes or conversations of attackers. Some believe a honeypot should emulate vulnerabilities. Others see it as simply a jail. There are also some who view honeypots as controlled production systems that attackers can break into. The multiple honeypot images created by a single CyberCop Sting installation greatly increased the chance of the honeypots being found and attacked. In 1998, Marty Roesch, while working at GTE Internetworking, began working on a honeypot solution for a large government client. Low-interaction honeypots are the simplest in terms of implementation and are typically the easiest to install, configure, deploy, and maintain because of their simple design and basic functionality. High-interaction honeypots differ from low-interaction honeypots in how they are implemented and in how they collect information.