A Honeypot is a security tool that is meant to capture and warn you attempts at intrusion. Usually honeypots are placed on an external network, at the beginning of your company’s IP address range. This is meant to capture external threats that are scanning and looking for weaknesses. There is now a growing use of honeypots for internal use. Here are some benefits:
Internal threats
An internal honeypot will catch hacking or intrusion attempts from someone inside the network. These threats are usually hard to find because most systems won’t log such attempts. With a honeypot and thanks to the fact that the user will have an internal ip address, he or she can be identified and warned immediately.
Malware
Honeypots can also identify attempts by malware to propagate. In an internal network, this means that we can also identify the machine that has been infected and take action. There are many ways for malware to infiltrate an internal network, such as Skype or mail attachments. This will help prevent its spread.
Safety
Any detected threats can also be automatically dealt with. For example an attempt to use an exploit on a honeypot can trigger a set of responses. Helpdesk and IT management can be informed. The computer in question which generated the attempt can be locked out of the network and the user’s account locked. This also allows responses to threats after hours when IT staff are not on the premises.