A honeypot is a trap that's used to identify, avert and, to some extent, neutralize attempts to hijack information systems and networks. It is usually made up of a single computer or a network site that disguises itself as a normal computer or network. It can also morph to look like an unused IP address, a file or a record. It tempts hackers by pretending to contain data that cyber criminals often deem important. It can deceive the hacker into thinking that it is an open proxy.

A honeypot is generally used as surveillance system as well as an early warning mechanism. Since a honeypot makes itself look part of a system that only hackers use, it doesn't need any other components such as a filter or a spam-recognition capability to determine if the incoming traffic is indeed malicious. However, careful use of honeypots is required for they can actually put a system at risk; hackers can use them as doorways (what are called backdoors) to a system.

Different Kinds of Honeypots Based on Deployment

Production Honeypots: Production honeypots are designed primarily for network security and defense. They have not been designed to collect information on hacking activities. For this reason, they are usually easily deployable and do not interact much. These are installed inside the production network and are usually used by corporations and companies to enhance network security.

Research Honeypots: Research honeypots, as their name implies, are made specifically for collecting information about attackers and malicious software. They are usually managed by educational institutions or non-profit research organizations and are used to gain more insight on Internet "black hat" operations, strategies and motives. The ultimate purpose is to identify threats and find ways of dealing with them more effectively. These are difficult to manage and deploy but they are able to gather a lot of information. This is why they are used primarily by government organizations, the military and research organizations that have the resources to manage and deploy them.

Different Types of Honeypots Based on the Level of Involvement

Honeyd: This is a type of daemon honeypot licensed by GPL that has the ability to simulate a big network while using only a single host. To outsiders, the Honeyd looks like a computer network on a network's unused address space.

Honeytrap, Nephentes and Mwcollect: These have the ability to log attack incidences. However, they are also capable of gathering data on the malware itself – its binary code, system of delivery, etc. These types of honeypots are also under the GPL license. Honeytrap has the additional ability of listening to ports and mirroring the malicious attacks back to their source after sufficient information has been gathered.

Honeynet: The honeynet is a collection of real computers and networks that are accessible only through a stealth inline bridge that observes and manages the information coming to and from the different honeypots in the network. This captures data, keylog information and system events from the gateway and from logs of honeypot systems.