Hacking the Hacker by Roger A. Grimes

19 Honeypots

I have been intrigued by computer security honeypots ever since I read Clifford Stoll’s 1989 book The Cuckoo’s Egg (https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787/), with his identification and capture of a foreign spy. Since then I’ve run up to eight different honeypots at a time tracking malware and hacker behavior. I’m frequently involved in professional honeypot projects, and I even wrote a book on them called Honeypots for Windows (https://www.amazon.com/Honeypots-Windows-Books-Professionals/dp/1590593359/). I believe that all companies should include one or more honeypots in their defenses.

What Is a Honeypot?

A “honeypot” is any system set up for the express purpose of being a “fake” system to detect unauthorized activity. A honeypot can be a computer system, a device, a network router, a wireless access point, a printer—anything the honeypot administrator wishes to deploy. A “honeynet” is a collection of honeypots. A honeypot can be created by deploying a real but otherwise unused system or by deploying specialized honeypot software that emulates systems.

The emulation can be anywhere along the Open Systems Interconnection (OSI) model layers—Physical, Data‐Link, Network, Transport, Session, Presentation, or Application—or any combination of these layers. There are many open‐source and commercial honeypot options, each offering various features and realism. The buyer must beware though. There are some honeypot products that ...
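As an added illustration (not code from the book), the sketch below is a minimal low-interaction honeypot that emulates a service at the Application layer only: it presents a banner, captures the first bytes a client sends, and records every connection as an alert, since nothing legitimate should ever contact a fake system. The banner text, class and function names, and the JSON-lines log format are assumptions made for this example.

```python
import json
import socketserver
import threading
from datetime import datetime, timezone

# Constructed banner for the emulated service (an assumption, not a real product string).
FAKE_BANNER = b"220 files01 FTP service ready\r\n"

class HoneypotHandler(socketserver.BaseRequestHandler):
    """Application-layer emulation: send a banner, capture the first bytes, alert."""
    def handle(self):
        self.request.settimeout(3.0)
        data = b""
        try:
            self.request.sendall(FAKE_BANNER)
            data = self.request.recv(1024)   # bounded read; never parsed or executed
        except OSError:
            pass                             # client hung up or timed out; still an event
        self.server.record({
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": self.client_address[0],
            "src_port": self.client_address[1],
            "dst_port": self.server.server_address[1],
            "first_bytes": data.decode("latin-1"),
        })

class Honeypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr, log_path=None):
        super().__init__(addr, HoneypotHandler)
        self.events = []
        self.log_path = log_path
        self._lock = threading.Lock()

    def record(self, event):
        # No legitimate user has a reason to touch this host, so every event is an alert.
        with self._lock:
            self.events.append(event)
            if self.log_path:
                with open(self.log_path, "a", encoding="utf-8") as fh:
                    fh.write(json.dumps(event) + "\n")

def start_honeypot(host="127.0.0.1", port=0, log_path=None):
    """Start the listener in a background thread; port 0 picks a free port."""
    server = Honeypot((host, port), log_path)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

In a deployment the listener would be bound to an otherwise unused address and the log file forwarded to whatever alerting pipeline the defenders already monitor.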