A honeynet is a network set up to catch a hacker's attention. It's designed to look, feel, and act just like a network packed tight with valuable resources. But it also contains plenty of monitoring tools. Lure in a hacker, and you can study how that person moves through your system and tries to steal what is yours. Those results can help you beef up your security setup.
A honeynet can be a standalone network, or you can create a so-called virtual honeynet. Here, you'll create something that appears to be an entire network. In reality, it resides on a single server.
How do honeynets work?
Building a realistic trap for a hacker isn't easy. Honeynets rely on a series of elements, all working together seamlessly.
- Honey pots. These computer systems are set up to trap hackers. Sometimes, they're used for research purposes. And sometimes, they're decoys that lure hackers away from valuable resources. When plenty of pots come together, a net is formed.
- Applications and services. Hackers must be convinced that they've entered a valid, worthwhile environment.
- No authorized activity or users. A true honeynet has no use aside from trapping hackers.
- Honeywalls. You must be able to study and learn from the honeynet attack. The system should keep accurate records of traffic moving into and out of the honeypot.
A lure entices your hacker to enter one of your honey pots. Once there, the hacker attempts to gain deeper access to your system. At that point, the attack has moved into your honeynet, and the research can begin.
What Are Honeynets Used For?
Most security professionals spend every minute of the workday trying to keep hackers out. Why would they want to bring them in? The data you pull from a honeypot can be crucial.
Imagine that you believe you've built the strongest, safest network for your company. You've told everyone the system can't be breached. But are you really sure? What vulnerabilities are you leaving behind? And if someone got inside, what would happen next?
Honeynets help you answer questions just like this. You'll watch a hacker move through a mirror image of your system, and you'll see just where you went wrong. You can fix your mistakes long before your company loses anything valuable.
You could use simple honey pots for research. But hackers expect to find more than one machine when they breach a company's infrastructure. Building a honeynet allows the deception to last longer, and that could result in more data.
Honeynet Research Continues
Individual system administrators aren't the only professionals interested in hacker techniques. Governments, educators, and law enforcement officials also want to know how to stop theft and build a safer online world. The Honeynet Project may help.
Started in 1999, the Honeynet Project exists to research hackers via honeypots and honeynets. Volunteers within the group use normal computers set up as bait, and they monitor activity closely to spot attacks.
The Honeynet Project's mission is to, "Learn the tools, tactics, and motives involved in computer and network attacks, and share the lessons learned." The team follows three basic pillars in their work.
- Conduct research. Volunteers build networks and try out security tools for blocking purposes. They gather up information on how hackers work and what software tools they use.
- Build awareness. The team shares the results of all research, so the security community can understand current threats and prevention approaches.
- Create tools. If organizations want to build their own honeynets and honey pots, the team offers information about the tools and techniques they've developed.
Anyone interested in finding out more about how hacks work and what the current threat landscape looks like should follow the Honeynet Project closely.
If you're interested in testing your security approach, but you're not ready to commit to creating a honeynet, consider penetration testing. We've written up a blog post about what this involves and how it works. We invite you to check it out!
Honeypotting. (2009). Virtualization for Security.
What Is a Honeypot? A Trap for Catching Hackers in the Act. (April 2019). CSO.
About Us. The Honeynet Project.