19 Honeypots

I have been intrigued by computer security honeypots ever since I read Clifford Stoll’s 1989 book The Cuckoo’s Egg (https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787/), with his identification and capture of a foreign spy. Since then I’ve run up to eight different honeypots at a time tracking malware and hacker behavior. I’m frequently involved in professional honeypot projects, and I even wrote a book on them called Honeypots for Windows (https://www.amazon.com/Honeypots-Windows-Books-Professionals/dp/1590593359/). I believe that all companies should include one or more honeypots in their defenses.

What Is a Honeypot?

A “honeypot” is any system set up for the express purpose of being a “fake” system to detect unauthorized activity. A honeypot can be a computer system, a device, a network router, a wireless access point, a printer—anything the honeypot administrator wishes to deploy. A “honeynet” is a collection of honeypots. A honeypot can be created by deploying a real but otherwise unused system, or by deploying specialized honeypot software that emulates systems.

The emulation can be anywhere along the Open Systems Interconnection (OSI) model layers—Physical, Data-Link, Network, Transport, Session, Presentation, or Application—or any combination of these layers. There are many open-source and commercial honeypot options, each offering various features and realism. The buyer must beware though. There are some honeypot products that ...
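As an added illustration of the Application-layer emulation just described (example code, not from the book or its author): a minimal fake login service that sends a banner, captures what the client sends, and turns every connection into a log record, since nothing legitimate should ever reach a honeypot port. The port, banner and the "root"/"admin" classification rule are constructed assumptions for this example.

```python
# Added example: fake login-service honeypot that sends a banner and logs every touch.
import json
import socket
from datetime import datetime, timezone

LISTEN_PORT = 2323                  # constructed port for this example
BANNER = b"login: "                 # constructed fake banner

def classify(data: bytes) -> str:
    """Label what the client sent, so the SOC can prioritise alerts."""
    if not data:
        return "probe"              # connected and left: scan or banner grab
    first = data.decode("latin-1", "replace").strip().lower()
    if first.startswith(("root", "admin")):
        return "login-attempt"      # tried a well-known account name
    return "interaction"

def build_event(peer: tuple, data: bytes, now=None) -> dict:
    """Log record for one session; nothing legitimate should reach this
    port, so every event is flagged as an alert."""
    now = now or datetime.now(timezone.utc)
    return {
        "ts": now.isoformat(),
        "src_ip": peer[0], "src_port": peer[1], "dst_port": LISTEN_PORT,
        "kind": classify(data),
        "first_bytes": data[:64].decode("latin-1", "replace"),
        "alert": True,
    }

def handle(conn: socket.socket, peer: tuple) -> dict:
    """Serve one client: send the banner, read its first bytes, log it."""
    with conn:
        conn.settimeout(10)
        try:
            conn.sendall(BANNER)
            data = conn.recv(1024)
        except (socket.timeout, OSError):
            data = b""
    event = build_event(peer, data)
    print(json.dumps(event))        # forward to the log collector / SIEM
    return event

def serve(port: int = LISTEN_PORT) -> None:
    """Bind the fake service and handle connections one at a time."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", port))
        srv.listen()
        while True:
            handle(*srv.accept())
```

Run `serve()` on an otherwise unused host and route its JSON output to the same collector as production logs; a real deployment would emulate a service the emulated host would plausibly run and add rate limiting.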
