Honeypots and Honeynets: Analysis and Case Study

José Manuel Fernández Marín, Juan Álvaro Muñoz Naranjo, Leocadio González Casado
DOI: 10.4018/978-1-4666-6324-4.ch029


This chapter presents a review and a case study of honeypots and honeynets. First, some of the most important and widely used honeypots in the current market are selected for comparative analysis, evaluating their capacity for interaction with an attacker. Second, a self-contained honeynet architecture is implemented with virtual machines. An intrusion test is performed against the honeynet to observe the quality and quantity of the information collected during the attack. The final goal of this analysis is to assess the monitoring and threat detection capacity of honeynets and honeypots.
Chapter Preview


Cybercrime has become a primary concern for users, governments and companies due to the scarcity of security professionals in organizations, poor management practices for private and confidential information by employees, and the misinformation of society. The scope of professional cybercrime is broadening and keeps covering new fields and technologies to commit crimes. The first cybercriminals acted alone or in small groups, but today they have evolved into a modular organizational model comprising a large number of skilled people who communicate over the network.

Key Terms in this Chapter

Zombie: Infected computers that can be used by a third party in order to carry out hostile actions against a victim. This use of the computer is made without the knowledge or authorization of the computer's real owner. Once infected, the computer becomes part of a botnet.

Malware: Kind of software intended for host intrusion and/or damage. The term covers hostile, intrusive and rogue software such as viruses, worms, trojans, most rootkits, scareware, spyware, crimeware and other malicious software.

Spam: Unsolicited or unwanted emails, from an unknown sender, usually of a commercial kind and massively sent.

Botnet: Network composed of infected hosts remotely controlled by an attacker.

Intrusion Detection System (IDS): Piece of software used to detect non-authorized access to computers or networks. These systems usually have virtual sensors (such as network sniffers) that help obtain external data (normally about network traffic) and thus detect anomalies arising from attacks.

Phishing: Kind of cybercrime committed through social engineering with the intention of obtaining confidential information like passwords or PINs.

Exploit: Piece of software that takes advantage of a security vulnerability with the intention of obtaining a behaviour undesired by the legitimate user. Exploits are not malicious code themselves: they are usually used as a first step for other purposes like non-authorized access or malware propagation.
