Honeypots, honeynets, and honeywalls all have their names derived from the common practice of using a honey trap to bait an unsuspecting target into often a romantic relationship, thus increasing the chances of the target divulging sensitive information; this is often dramatized in espionage movies. In computing, a honeypot is typically a system that is designed to be appealing to attackers, such as containing data from an organization’s banking records. A honeypot, while appearing attractive, would actually contain nothing of value, and instead be a tool used by cybersecurity professionals to determine commonly-used attack vectors and methods of intrusion.

Similar to a honeypot, a honeynet also follows the same principles, offering bait to attackers in the effort to persuade them to strike, while cybersecurity and network administrators learn from their actions. For example, an organization could set up a copy of their network separated from the existing one; this copy could then be configured with intentional vulnerabilities. When attacked, the organization can determine how their current defenses work and what could be improved. Real-world experience is worth its weight in gold. While a honeypot and honeynet are similar, a honeypot is typically a single device, whereas a honeynet is a network.

Honeywalls are utilized to capture data obtained from honeypots and honeynets by serving as a barrier between the network/device and the host. Without a honeywall, the attacker’s actions would not be able to be recorded and analyzed. With the use of honeypots, honeynets, and honeywalls, we can create real-world simulations of the possible attacks we may encounter, train our employees on how to respond to them, as well as strengthen our defenses so that they do not happen in the future.

References

Nelson, B., Phillips, A., & Steuart, C. (2019). Guide to Computer Forensics and Investigations. Boston, MA: Cengage Learning.