The pros and cons of using a honeypot
I understand to a certain extent what a honeypot is and what it does -- but
what are the issues you have to be careful about when implementing one? A
vendor is trying to sell us one, making it sound very easy to install and
configure. But what are the pros and cons of a small company trying to
implement one?
Personally, I am not a supporter of honeypots, so it is difficult for me
to discuss many pros. About the only pro worth mentioning is that
the honeypot is likely to be attacked before your real network and,
if appropriately monitored, can help you stop the attack before it
gets to your critical machines.
As for cons, there are a few. First, do you really want to attract attackers
to your network? That's why it's called a honeypot. Just like attracting bees
to the honey, instead of your picnic. Second, do you have enough extra
equipment to set up a honeypot that looks real enough? As more honeypots
have been put in place, attackers have begun to recognize and avoid
them. Finally, do you have the necessary staff to monitor the honeypot, in
addition to your other network defenses?
Most small companies would be better served in having a good, well-monitored
firewall and having staff concentrate on keeping all systems current, with regard to security patches.
I'm sure the honeypot sales people have a different view, and I invite them
to share their opinion in the searchSecurity Discussion Forums.
This was first published in May 2001