What is a Honeypot

A free video tutorial from Alton Teaches LLC
Start Learning IT Today to Advance Your Career
19 courses
206,163 students
Learn more from the full course
Microsoft Security Fundamentals
Learn the Fundamentals of Information Security for the Windows Operating System
13:05:12 of on-demand video • Updated January 2024
Understand the Fundamentals of Information Security
Learn Windows Operating System Security Fundamentals
Have a Working Understanding of The Many Aspects of IT Security
Be Prepared for More Advanced Information Security Courses
English [Auto]
In this video, we're going to talk about honeypot. So what is a honeypot? Well, here's a diagram of a honeypot. What it is, is that a honeypot is a decoy server or multiple servers, and they're typically placed in a DMZ, which we see down here. We have our firewall, we have our DMZ over here with a honeypot in it, and then our internal network protected on a different interface on the firewall. And the whole purpose of these honey pots being in a DMZ is they're designed to entice malicious users, meaning hackers to attack them rather than our internal network. And so how does this work? Well, they're set up to look just like live production servers. However, the I.T personnel are going to poorly configure them to make them much easier to exploit than our actual production servers. So they're more enticing to attack, they're easier to get into, they're easier to exploit. So why do we use a honeypot? Well, they serve a twofold purpose. The first one, of course, makes sense and it's kind of straightforward is a lure that the hackers away from our real network. So we would much rather have them attack our honeypot than our real production internal network. The second thing is that honeypots allow our i.t personnel to observe and learn how hackers are attacking our system. So we get to learn their methodologies for how they're exploiting weaknesses and vulnerabilities within our systems so we can better secure them. So that's a honeypot. And like I said, they're typically set up within a DMZ that can be an actual physical server. They could be multiple servers, they could be multiple servers that are virtualized within a single physical server. The way in which they're set up is really just going to be dependent upon the organization. But like I said, they're typically set up in their own DMZ off on a different interface on our firewall. And in regards to the role that they play in network isolation, well, they play a role in isolating or at least enticing the attackers to their own isolated portion of the network rather than our internal network. So that's going to conclude our short introduction and overview into Honeypot. So if you have any questions, please let me know. If not, thanks for watching and I'll see you at the next video.