What is a honeypot attack?
An attack occurs when hackers find a honeypot and make their way in. For honeypot network security to be successful, the honeypot must attract attacks. As an example, Symantec created an internet of things (IoT) honeypot architecture in 2015 to draw in hackers of connected consumer devices like routers, cameras, and video recorders. As the attacks poured in, the company discovered a great deal about hackers that target IoT devices. Based on IP addresses, they found that the attacks most commonly originated from China, the United States, Russia, Germany, and Vietnam. They also learned the passwords that hackers tried to use—"admin" and "123456" were the top attempts.
Honeypots come in two main varieties: production and research. A production honeypot is placed within an organization’s production network to learn the identity of potential hackers. Mainly utilized by corporations, production honeypots are relatively simple to deploy but only reveal limited information. Research honeypots, by contrast, are standalone systems designed from the ground up to entice attackers. They are complex to design, but provide more information on black-hat hackers. Used to identify emerging, widespread threats, research honeypots are developed in academia, military organizations, and governments.
What is the difference between a honeypot and a honeynet?
Whereas a honeypot is a single entity, a honeynet is two or more honeypots on the same network. Honeypot networking is typically implemented as part of a larger network intrusion detection system. Honeynets are used on large, complex networks where just one honeypot would not be enough.
An email trap is another form of honeypot cybersecurity. This is an email address expressly designed to attract spam messages. Email traps can reveal where spammers find their targets and identify spam email addresses to be blacklisted and blocked.
Ensure you're always protected from outside attacks by reading through our blog for other common IT threats.