22.5. Honeypot Monitoring
The final concept I want to mention in this chapter is that of a honeypot, a computer configured specifically to attract all the unsavory characters you normally try so hard to keep away from your Macs! Setting up a honeypot is something no one should undertake lightly. If you manage a small home or office network, especially one with few or no public servers, it's not worth your time or effort. However, honeypots can have value on large networks, especially those with high-value data or resources or those that are frequently the target of break-ins.
Because the design and administration of honeypots is a long and complex topic and this book is primarily geared toward those whose networks are too small to benefit from them, I've chosen not to provide detailed instructions here on setting them up. Nevertheless, honeypots are intriguing and useful enough that those interested in Mac security should have at least a passing acquaintance with how they work.
The main reason for honeypots is to provide a source of information — to help you, as a network administrator, discover exactly what the bad guys are up to without endangering your data. Based on what you see happening on the honeypot, you can take steps to protect your production computers and perhaps even predict imminent attacks.
Ordinarily, a honeypot's existence isn't advertised at all. It's just a computer sitting on your network, without any links or pointers to it whatsoever — but also with few or no security ...