Introduction, Classification and Implementation of Honeypots
This chapter discusses the basic aspects of Honeypots, how they are implemented in modern computer networks, as well as their practical uses and implementation in educational environments, providing the reader with the most important points regarding the main characteristics of Honeypots and Honeynets. Honeypots are defined as “closely monitored network decoys” that can be set by network administrators to deal with a wide variety of attacks and interact with users in different levels (Provos, 2004). The implementation of Honeypots provides an answer to a common question posted by the field of information security and forensics: How to dissect the elements that make up an attack against a computer system. The chapter will summarizes the different features and capabilities of Honeypots once they are set up in a production environment to clarify the elements that are needed to be configured in order for a Honeypot to accomplish its main tasks and in order for it to be considered an effective tool. The end of the chapter will shift towards the analysis of virtualization as an important tool that maximizes the practical use of Honeypots in controlled environments that are focused towards the study of attacks, responses and analysis methods.