Honeypots: To Lure or Not To Lure

In Cybersecurity by Ian

This entry is part 2 of 8 in the series Prevention and Protection Strategies

Honeypots are sometimes used as an active defense mechanism for network security and provide a means for targeting attackers and recovering forensic evidence. A typical honeypot traps attacks, records intrusion information about the tools and activities of the hacking process, and prevents outbound attacks from the compromised system (Zou & Cunningham, 2006). They are used in various organizations to catch attackers and collect valuable information on the nature of the perpetrators.

Honeypots are sometimes considered when the organization has the resources to adequately maintain and monitor such systems. In the U.S., large financial organizations have turned the hackers’ strengths into a weakness by implementing “active defense” through digital deception. With the help of the Pentagon and Department of Homeland Security, banks are creating “honeypots”: fake online bank accounts registered to a “fake” user. When these accounts are hacked, the forensic evidence has been used to track the location and methods of the hackers (Nakashima, 2013).
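
The decoy-account approach described above can be monitored as in this added example, which is not from the original article or any bank's tooling: since no legitimate user owns a decoy account, every log event naming one is an alert, and the source address can be pivoted on to find real accounts it also touched. The account names, log format and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed decoy identifiers; no legitimate user or process should ever use them.
DECOY_ACCOUNTS = {"jharper_4471", "mlowe_9023"}

# Constructed sample log in a hypothetical key=value format (assumption, not a real product's).
SAMPLE_LOG = """\
2013-01-02T09:14:01Z event=login user=asmith src=198.51.100.7 result=ok
2013-01-02T09:15:22Z event=login user=jharper_4471 src=203.0.113.45 result=fail
2013-01-02T09:15:40Z event=login user=jharper_4471 src=203.0.113.45 result=ok
2013-01-02T09:16:05Z event=balance user=jharper_4471 src=203.0.113.45 result=ok
2013-01-02T09:18:30Z event=login user=bnguyen src=203.0.113.45 result=fail
2013-01-02T09:20:11Z event=login user=asmith src=198.51.100.7 result=ok
this line is malformed and must be skipped
2013-01-02T09:25:00Z event=login user=mlowe_9023 src=192.0.2.10 result=fail
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) event=(?P<event>\w+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\w+)$"
)

def parse(log_text):
    """Yield one dict per well-formed line; skip anything that does not match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def decoy_report(log_text, decoys=DECOY_ACCOUNTS):
    """Return {source: {"decoy_hits": [...], "real_accounts": set}}."""
    events = list(parse(log_text))
    # Any touch of a decoy is suspicious, whether or not the action succeeded.
    flagged = {e["src"] for e in events if e["user"] in decoys}
    report = defaultdict(lambda: {"decoy_hits": [], "real_accounts": set()})
    for e in events:
        if e["src"] not in flagged:
            continue
        if e["user"] in decoys:
            report[e["src"]]["decoy_hits"].append((e["ts"], e["event"], e["result"]))
        else:
            # Real accounts touched by a flagged source need review.
            report[e["src"]]["real_accounts"].add(e["user"])
    return dict(report)

if __name__ == "__main__":
    for src, info in sorted(decoy_report(SAMPLE_LOG).items()):
        print(src, len(info["decoy_hits"]), sorted(info["real_accounts"]))
```

Failed logins against a decoy are reported as well as successful ones, because a legitimate user has no reason to attempt either.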

There are, however, times when honeypots should not be considered as an active defense strategy. This ultimately depends on the nature of the organization and whether or not it has qualified security personnel on staff to both correctly implement and maintain a honeypot for any given duration of time. Situations where honeypots are set up by organizations that do not have the means to effectively manage them can lead to unintended vulnerabilities and potentially breached systems. In addition, there is the question of liability: an organization could ultimately be sued if a honeypot is compromised and used to harm others (Cole & Northcutt, n.d.).

The bottom line is that whether or not to use a honeypot in a security plan depends on the nature of the organization and available resources. If a decision is made to use one as an active form of defense, the organization should ensure it understands the associated risks and proceed accordingly.


  1. Cole, E., & Northcutt, S. (n.d.). Honeypots: A Security Manager’s Guide to Honeypots. SANS. Retrieved from: http://www.sans.edu/research/security-laboratory/article/honeypots-guide
  2. Nakashima, E. (January 2013). To thwart hackers, firms salting their servers with fake data. Retrieved from: http://articles.washingtonpost.com/2013-01-02/world/36211654_1_hackers-servers-contract-negotiations
  3. Zhang, F., Zhou, S., Qin, Z., & Liu, J. (2003). Honeypot: a supplemented active defense system for network security. In Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies, 2003. PDCAT’2003 (pp. 231–235). doi:10.1109/PDCAT.2003.1236295