Summary
Deploying a honeypot system requires methodical planning and understanding of your motivations for installing one in the first place. Basic underlying honeypot tenets must be considered during the design phase. You need to decide whether you want to implement a research or production honeypot, real or virtual, and where to place it. These decisions depend on your objectives and resources. Externally placed honeypot systems are the most exposed type of (research) honeypot and will gain the attention of hackers the quickest.
Production honeypots placed on the DMZ can warn you of malicious activity happening within your DMZ. Internally placed honeypot systems can act as an early-warning system to alert you that a threat has bypassed your other network security countermeasures, as well as alert you to internal attacks.
A honeypot system is a collection of components, including tools for alerting, monitoring, logging, and analyzing found data. Chapter 3 will cover the basic behaviors and services a Windows honeypot should mimic.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
Rights and permissions
Copyright information
© 2005 Roger A. Grimes
About this chapter
Cite this chapter
(2005). A Honeypot Deployment Plan. In: Honeypots for Windows. Apress. https://doi.org/10.1007/978-1-4302-0007-9_2
Download citation
DOI: https://doi.org/10.1007/978-1-4302-0007-9_2
Publisher Name: Apress
Print ISBN: 978-1-59059-335-6
Online ISBN: 978-1-4302-0007-9
eBook Packages: Professional and Applied ComputingApress Access BooksProfessional and Applied Computing (R0)