What Is a Honeynet?

		Chapter 1 - An Introduction to Honeypots Honeypots for Windows by Roger A. Grimes Apress 2005

A collection of honeypots under the control of one person or organization is called a honeynet. Figure 1-1 shows an example of a honeynet with four servers. In the example, the honeypots are running different operating systems: Windows 2000, Windows NT 4.0, Windows Server 2003, and Internet Information Server (IIS). These machines are on a demilitarized zone (DMZ), which is an internal routed segment accessible from the Internet, but separated directly from the LAN.

Figure 1-1: A honeynet example

A honeynet can have a single theme, say mimicking a military network or series of database servers, or be distributed widely enough that it makes sense to have multiple themes, such as a military site running Windows Server 2003 connected to an educational site running Windows 2000 Server. A single-theme honeynet can still run different operating systems and features. A theme might mimic an e-commerce site, with a web server, back-end database server, customer support File Transfer Protocol (FTP) site, and Simple Mail Transfer Protocol (SMTP) mail server.