Specifying Honeypot Goals
The first, and most critical, step to successfully implementing honeypots is determining what you want to do with them. What do you expect your honeypots to accomplish? How do you want them to secure your environment? Honeypots will not replace your firewall, Intrusion Detection Systems, or security best practices, but they are part of your overall security architecture. You have to determine what their ideal role is for your organization.
The specific honeypot solutions discussed in the preceding six chapters each excelled at a specific area of security.
Preventing attacks through deception or deterrence—for example, Specter’s ability to emulate vulnerabilities or give warning messages.
Detecting attacks, acting as ...