Advantages
First, honeypots make it possible for an administrator to learn methods that are used by hackers. This is because it is possible to watch and analyze attacks launched against the honeypots. Through honeypots, one can set up parallel systems that contain useless information. This enhances the security of information because these systems are actively monitored. Through this monitoring, all hacker activity can be documented for future use.
The other advantage of using honeypots is that they serve as an early warning system. Before attackers get to the actual resources, chances are that their activity will have been picked up through honeypots (Ciampa, 2009). This early activity alerts an administrator about which network resources interest a hacker. Using such information, the administrator can enhance security for those resources. Honeypots operate in complete isolation from any authorized users. This means any traffic towards them indicates possible hacker intentions.
Disadvantages
One disadvantage of using honeypots is that they can lure attackers. This is because once attackers have accessed a honeypot, they may be motivated to instigate further attacks. Attackers are typically relentless and if they discover that they have been duped, they are not likely to stop until they have gained access to the real thing (Dbcoretech, 2010). The other disadvantage of using honeypots is that they just add to the complexity of a network design. This means that the additional resources will incur extra costs through maintenance. Honeypots must also be kept up and running for them to be able to work effectively.
Any activity towards them must also be responded to and this adds to the tediousness of network maintenance. Yet another disadvantage is that a honeypot itself can be used as a launching point for attacks against either your network or another network. If this happens, the organization may find itself in a legal tussle with the affected parties.
Recommendations for use
Honeypots are grouped according to their use. Some are used for production, and others are used for research purposes. Production honeypots are used to minimize security risks. On the other hand, research honeypots are used for gathering information about hackers. Production honeypots are the ones that can be used by an organization. There are two options that the management may consider employing. Honeyd is a product that was created to detect intrusion (Chandran & Pakala, 2003).
Honeyd is used to detect intrusion in network resources that have low interaction. This open-source solution accomplishes this by monitoring all the IP addresses that are not utilized by the network. Honeyd perceives any attempted communication with an unused IP address as a threat to network security. If such communication is detected, Honeyd assumes the identity of that IP and interacts with the hacker. Honeyd can detect activities on any TCP and UDP ports as well as any ICMP activity. It is recommended for low-risk environments. Another viable option is HoneyNet. This sophisticated tool is used to monitor all kinds of threats.
It is modeled in such a way that it provides hackers with real systems complete with interaction tools. This is recommended for organizations with higher risks of data insecurity. A HoneyNet is a high-interaction tool and it comes with the applications, services, and systems to engage the hackers (Yegneswaran, 2005). Since HoneyNet is a network of unproductive computers, any interaction with this part of the network is regarded as a security risk.
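The unused-address monitoring described for Honeyd above, sketched as an added example (not code from Honeyd or from the original essay): it flags log entries whose destination is an unallocated address in the monitored range and tallies which services the sources probed. The address range, the allocated set and the log format are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: the monitored range and the addresses in real use.
NETWORK = ipaddress.ip_network("192.0.2.0/28")
ALLOCATED = {ipaddress.ip_address(a) for a in ("192.0.2.1", "192.0.2.2", "192.0.2.5")}

# Constructed log lines in an assumed format: "timestamp src dst proto dport"
SAMPLE_LOG = """\
2024-01-01T10:00:01 198.51.100.7 192.0.2.2 tcp 443
2024-01-01T10:00:02 198.51.100.7 192.0.2.9 tcp 22
2024-01-01T10:00:03 198.51.100.7 192.0.2.10 tcp 22
2024-01-01T10:00:04 203.0.113.44 192.0.2.12 icmp -
2024-01-01T10:00:05 203.0.113.44 192.0.2.1 udp 53
2024-01-01T10:00:06 198.51.100.7 192.0.2.9 udp 161
malformed line
"""

def is_unused(dst):
    """True for a host address inside NETWORK that no legitimate system uses."""
    edges = (NETWORK.network_address, NETWORK.broadcast_address)
    return dst in NETWORK and dst not in ALLOCATED and dst not in edges

def find_probes(log_text):
    """Map each source to the sorted (dst, proto, port) hits on unused addresses."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        _, src, dst, proto, port = fields
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        if proto in ("tcp", "udp", "icmp") and is_unused(dst_ip):
            probes[src].add((dst, proto, port))
    return {src: sorted(hits) for src, hits in probes.items()}

def targeted_services(probes):
    """Count distinct sources per (proto, port) to show what draws interest."""
    interest = defaultdict(set)
    for src, hits in probes.items():
        for _, proto, port in hits:
            interest[(proto, port)].add(src)
    return {svc: len(srcs) for svc, srcs in interest.items()}

if __name__ == "__main__":
    print(find_probes(SAMPLE_LOG))
```

Traffic to the allocated addresses (192.0.2.1, 192.0.2.2) is ignored, so every entry returned is a contact with an address that has no authorized users.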
References
Ciampa, M. (2009). Security+ Guide to Network Security Fundamentals 3rd Edition. Bowling Green, KY: Western Kentucky University.
Dbcoretech. (2010). Secure Your Database By Building Honeypot Architecture Using A SQL Database Firewall. Web.
Chandran, R. & Pakala, S. (2003). Simulating Networks with Honeyd. Web.
Yegneswaran, V. (2005). Using honeynets for internet situational awareness. Web.