When competent computer network system administrators are faced with malicious activity on their networks, they think of the problem in terms of four distinct but related activities: detection, prevention, mitigation, and response. The greatest challenge of these four phases is detection. Typically, detection comes in the form of intrusion detection system (IDS) alerts and automated application and log monitors. These however are fraught with mischaracterized alerts that leave administrators looking for a needle in a haystack. One of the most promising emerging security tools is the honeynet Honeynets are designed to divert the malicious user or attacker to non-production systems that are carefully monitored and configured to allow detailed analysis of the attackers’ actions and also protection of other network resources. Honeynets can be configured in many different ways and implemented from a full DMZ to a carefully placed file that is monitored for access.