Home / Definitions / Honeypot

Honeypot

Vangie Beal
Last Updated May 24, 2021 7:45 am

Honeypot is an Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system. Honeypots are designed to mimic systems that an intruder would like to break into but limit the intruder from having access to an entire network. If a honeypot is successful, the intruder will have no idea that s/he is being tricked and monitored.

Most honeypots are installed inside firewalls so that they can better be controlled, though it is possible to install them outside of firewalls. A firewall in a honeypot works in the opposite way that a normal firewall works: instead of restricting what comes into a system from the Internet, the honeypot firewall allows all traffic to come in from the Internet and restricts what the system sends back out.

By luring a hacker into a system, a honeypot serves several purposes:

  • The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.
  • The hacker can be caught and stopped while trying to obtain root access to the system.
  • By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.

A network of honeypots is often called a honeynet.