In the game of information security, the good guys usually have to stay a step behind the bad guys so that they can see what the bad guys are going to do next.
It is a game that is hard to win because you are always on defense.
Every now and then though, if you have the right strategy, defense is the best game plan to win.
Playing defense allows you to examine what your opponent is doing and lets you form a strategy to counteract it.
This is why security professionals use a honeypot.
This allows people in security to follow the tactics and patterns of hackers and script kiddies.
What Is A Honeypot?
If you are new to the security field, or a casual observer, you might be wondering what exactly a honeypot is.
It is a weird name for something in the world of security.
The name is actually perfect for what it does though.
It is a virtual trap set up for hackers that allows them to exploit a server or a fake company network.
The phony network is separated from anything of value.
Sometimes it might be planted with fake data that might look important, but in actuality means nothing.
This is done so that security people can study the exact habits of hackers.
It also provides a look at new attacks that security professionals might not be aware of.
There is no better way of getting a good look at the procedures and techniques that the bad guys might use than letting them go wild in a secured system while you watch.
The most important thing that you can do as a security professional who is running a honeypot is to make sure you collect the right set of data.
It is important to know about the exploits that the bad guys are using, but that is not the only thing that you want to know about.
You also want to make sure that you collect information about where the attacks are originating from, as well as the equipment they are using.
Are they using a proxy?
Are they using well-known tools, or do they have new tools that you might not have heard of?
Some of the techniques that they use can also let you know if they are a professional or simply a script kiddie.
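The questions above can be answered per source address once the honeypot's events are in a structured log. The following is an added example, not code from this article or from any honeypot project: the JSON-lines format, its field names and the summarize function are assumptions, and the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample events in an assumed JSON-lines format; the addresses are
# from the reserved documentation ranges. The last line is deliberately broken.
SAMPLE_LOG = """\
{"src_ip": "192.0.2.10", "user_agent": "sqlmap/1.7#stable (https://sqlmap.org)", "headers": {}, "path": "/item.php?id=1"}
{"src_ip": "192.0.2.10", "user_agent": "sqlmap/1.7#stable (https://sqlmap.org)", "headers": {}, "path": "/item.php?id=2"}
{"src_ip": "198.51.100.7", "user_agent": "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)", "headers": {"Via": "1.1 relay"}, "path": "/"}
{"src_ip": "203.0.113.5", "user_agent": "custom-client/0.1", "headers": {"X-Forwarded-For": "10.0.0.4"}, "path": "/admin"}
{"src_ip": "203.0.113.5", "user_agent":
"""

# Substrings that widely used scanners place in their default User-Agent.
KNOWN_TOOL_MARKERS = ("sqlmap", "nikto", "nmap scripting engine", "zgrab")
# Request headers that forwarding proxies commonly add.
PROXY_HEADERS = {"via", "x-forwarded-for", "forwarded"}


def summarize(log_text):
    """Group honeypot events by source address and profile each source."""
    sources = defaultdict(lambda: {"events": 0, "known_tools": set(),
                                   "unknown_agents": set(), "proxy_hint": False})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            src = event["src_ip"]
        except (json.JSONDecodeError, KeyError, TypeError):
            skipped += 1  # keep count so truncated or malformed records are noticed
            continue
        agent = str(event.get("user_agent", ""))
        profile = sources[src]
        profile["events"] += 1
        tools = {m for m in KNOWN_TOOL_MARKERS if m in agent.lower()}
        profile["known_tools"] |= tools
        if agent and not tools:
            profile["unknown_agents"].add(agent)  # possibly a tool you have not seen
        headers = event.get("headers") or {}
        if PROXY_HEADERS & {name.lower() for name in headers}:
            profile["proxy_hint"] = True
    return dict(sources), skipped


if __name__ == "__main__":
    profiles, skipped = summarize(SAMPLE_LOG)
    print(profiles, "skipped:", skipped)
```

The User-Agent and forwarding headers are supplied by the client, so a match is a hint to follow up on and not proof of which tool or proxy was used.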
There are several open source projects that will help a security administrator set up their own honeypot on their network.
Even though the projects are open source, they are still effective against all but the craftiest hackers.
It is a good idea to use these setups.
You can configure them to trap email, spam, and other types of exploits on your system.
Setting up a honeypot is a good idea to gather information about people who may try to attack your system.
Make sure that you use the information that is gained to your advantage.