A honeypot is a security system designed to detect and counteract unauthorized access or use of a computer system. The name "honeypot" is used in reference to the way the system traps unauthorized users, such as hackers or spammers so they can be identified and prevented from causing further problems.
Honeypots are different than typical security solutions because they intentionally lure in hackers or users with malicious intent. For example, a company may purposely create a security hole in their network that hackers could exploit to gain access to a computer system. The system might contain fake data that would be of interest to hackers. By gaining access to the data, the hacker might reveal identifying information, such as an IP address, geographical location, computer platform, and other data. This information can be used to increase security against the hacker and similar users.
Another example of a honeypot is an email honeypot designed to counteract spammers. It may be configured as a fake email address that is intentionally added to known spam lists. The email address can be used to track the servers and relays that send spam to the honeypot account. This information can be used to blacklist certain IP addresses and domain names in anti-spam databases. An email honeypot can even be used as a counterattack tool, which forwards spam to the email addresses of identified spammers.
While honeypots are an effective way to monitor and protect information systems, they can also be expensive to maintain. Therefore, honeypots are used primarily by large companies and organizations, rather than small businesses. Government and educational institutions may also deploy research honeypots as a means of tracking unauthorized access attempts and improving security solutions.
Updated: September 17, 2013