Description

A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. Honeynets are nothing more than a type of honeypot which is “a security resource whose value lies in being probed, attacked or compromised”. Usually, honeypots and honeynets are used to gather information about threats that organizations might face and therefore protect them. They are often classified by the level of interactivity they allow attackers. Some characteristics of both types of honeypots are well known among the research community. Low interactivity honeypots are used for production purposes because they are easy to deploy and maintain, involve few risks for the organizations using them but still gather valuable information. High-interactivity honeypots are more difficult to deploy and maintain, gather extensive amount of information but involve more risks for organizations. However, no work has been done so far to validate these statements. This is what this work will focus on. Our main goal is to point out the main differences between honeypots and honeynets. Describe and discuss the importance of both these technologies. Introduce the concept of distributed honeypots. Determine how security can be enhanced using honeypots, honeynets, distributed honeynets or a combination of them.