An agent of espionage who aligns themselves with their target's wish or fantasy in order to expose them to blackmail. This alignment is almost always sexual in nature, and ideally somewhat embarrassing.

Some good ways to make a honey pot on your computer.

  • Make a fake account of course. It shoud be easy to break into, but it should have as few privileges as possible.
  • Make ls (or cd) set off alarms all over the place, trace the person who did it, their IP, time of day, reverse DNS lookup, anything you can think of. Maybe ban their subnet if you are just trying to be cautious and not catch people.
  • Make root a honeypot account. Make your root account something other than root. It might be hard getting used to not using ls and root but it worth it for hard core security.
A honeypot is a tool commonly used in computer security to learn more about hackers. Honeypots are commonly mistaken for defensive tools, when in reality they are more educational than anything.

The idea behind a honeypot is that you emulate or create a completely functional computing environment that can be monitored and controlled at all times. For example, you may set up a mail server on a controlled part of your network with a vulnerable version of Sendmail (popular Unix-based email server software) installed on it. You can then watch as hackers attack the computer, and gather data about the types of attacks and how they are implemented. The danger with this scenario is the risk that the attackers will be able to use the vulnerable computer to launch attacks on your internal network. This is why there are two ways of implementing honeypots.

The first way is described above. The thinking here is that you want the honeypot to be as realistic as possible. The best way to emulate a real environment is by simply creating one. By using an actual vulnerable system, you are virtually assuring that you will be able to dupe the hacker into believing that they have cracked a "real live" computer. Again, the problem is the risk of actually being attacked. If a hacker discovers that they have stumbled onto a honeypot, they are not likely to be very happy about that. A honeypot implemented in this fashion should be as controlled as possible, and as far from your internal network as you can get it.

The second way of implementing a honeypot is with software. There is lots of software that will simply run on an open port of an existing server that will emulate a vulnerable system. When a hacker connects to the system over the port, the system looks like it's running a vulnerable application on the port. The problem with this implementation is the realism. You can only make software behave so close some point the hacker is going to attempt to execute a command or utilize a function of the real software that the honeypot is not prepared for. Then, you'd better hope you have good intrusion detection!

Overall, honeypots are a valuable tool for the information security professional, and they're one that I feel is under-utilized. They are not to be misunderstood, however. Honeypots are not a defensive tool similar to intrusion detection or a firewall. They are used almost exclusively for research.

Log in or registerto write something here or to contact authors.