Honeypots

Information systems security was always important issue for anyone using computers, whether it is an organization or private citizens. The use of the Internet has made it increasing more important. As new technologies emerge, so does the different types of attacks on information systems. Organizations are continually trying to find more aggressive ways to protect their systems from these attacks. In this paper, I will discuss what honeypots are, the different types and categories of honeypots along with their advantages and disadvantages, their use to organizations, and the legal issues that may come along with using them.

A honeypot is a computer system on a network that serves as a trap to lure hackers away from important network resources towards those that have no value to the organization (Cole, Krutz, & Conley, 2005). Spitzner (2003) defines a honeypot as “an information system resource whose value lies in unauthorized or illicit use of that resource”. Since a honeypot has no value to the organization, it should not have any activity. If there is activity on the honeypot, it is almost certain that it is unauthorized (Spitzner, 2003). While the hacker is accessing the honeypot, its actions are closely monitored. The purpose of using a honeypot is to distract hackers away from valuable resources, provide early warning about an attack, and gain information about a hacker’s methods and technologies (Tipton & Krause, 2005).

The first known honeypot came to light in a book named ‘The Cuckoo’s Egg, written by Cliff Stoll. Mr. Stoll was a systems manager at a college when 75 cents accounting error caused him to find an unauthorized user on his system. He decided to let the hacker stay on the system so that he could monitor the hacker’s actions and ultimately track him down.

The types of honeypots are production, research, and honeytokens. Honeypots are also categorized by their level of interaction such as low, medium, and high.

Production...