Deploying Honeynets

Deploying Honeynets

Ronald C. Dodge Jr., Daniel Ragsdale
DOI: 10.4018/978-1-59140-911-3.ch017
(Individual Chapters)
No Current Special Offers


When competent computer network system administrators are faced with malicious activity on their networks, they think of the problem in terms of four distinct but related activities: detection, prevention, mitigation, and response. The greatest challenge of these four phases is detection. Typically, detection comes in the form of intrusion detection system (IDS) alerts and automated application and log monitors. These however are fraught with mischaracterized alerts that leave administrators looking for a needle in a haystack. One of the most promising emerging security tools is the honeynet Honeynets are designed to divert the malicious user or attacker to non-production systems that are carefully monitored and configured to allow detailed analysis of the attackers’ actions and also protection of other network resources. Honeynets can be configured in many different ways and implemented from a full DMZ to a carefully placed file that is monitored for access.

Complete Chapter List

Search this Book: