Honeypots

Honeypots
Kathleen Schwartz
Student, Rasmussen College
N430/CIS4385C Section 01 Computer Forensics

Honeypots A Honeypot is a decoy system or server that will gather information in regards to an intruder or attack that is attempting to infiltrate the system. The Honeypot will attract the attacker so they attack the decoy server or system and not the actual server or system. When the attack is happening the administrators can research the attack and learn what it is doing in order to stop this attack from entering the actual system. The pro for using a Honeypot is that the attacker will most likely hit the decoy first and this gives the IT staff time to research the attack and learn from it. The con is that this cannot replace security within the system. Using a Honeypot may make the administrators feel comfortable and they may not catch actual attacks to the system. They can also be expensive to setup and being that they may not work it might not be worth the cost. When using this for a forensic investigation it could be used to set up a decoy system in an attempt to draw in an attacker that is currently being investigated. The information could be collected and used against the attacker in court. It may also be used to be able to actually catch an attacker that has been intruding systems. Honeypots can be useful in forensic investigations because the investigators can gather information and there are no actually systems being harmed during this investigation.

References
Even, Loras R. Intrusion Detection FAQ: What is a Honeypot?, From http://www.sans.org/security-resources/idfaq/honeypot3.php