A honeypot is any security resource whose value lies in being probed, attacked, or compromised. Honeypots can be real operating systems or virtual environments mimicking production systems. They are often the best computer security-defense tool for the job. They can be used as an adjunct tool, and to log and prevent hacking.
Honeypots are currently in the second formal stage of development, known as GenII. GenII honeypots use inline IDSs to change outgoing malicious packets into harmless traffic and use keystroke-logging software built into the kernel. Hacking attacks can be manual, automated, or blended.
Honeypots are not “install and forget it” systems. There are several steps you can take to minimize the legal risks from using a honeypot.
Chapter 2 discusses how to physically deploy your honeypot.