[HIB] Honeypots for hacker detection
Most corporate networks lack serious oversight; that is, no one is really watching. Watching the network and computer systems is expensive, overwhelming and fraught with false positives. No wonder then that insider attacks go undetected for months, malware proliferates stealthily and hackers can spend their time gradually infiltrating deeper and deeper, undetected. It's simply too hard to distinguish between legitimate activities and illegitimate or malicious activities. Without context, wading through the enormous volume of logs or network traffic leads to information overload. How to tell who's up to no good? Well, you shall know them by their deeds.

Honeypots are, in my opinion, an underutilized tactic. Every attack, whether manual or automated, has an exploratory component. When hackers or viruses go probing networks and systems, they are usually able to do so unnoticed. Unless they cause a system crash or overwhelm a system, the chances of detection are pretty low. A honeypot is a system that detects unusual activity by creating false targets. In a network, for example, a simple honeypot may allocate the unused IP address space. Then, if someone attempts to access an IP address that is not used, an alert can be generated. Similarly, a port-based honeypot could respond to requests on unused TCP ports, creating the illusion of services. Entire computers, or even networks of computers, can be created to lure attackers.
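The unused-address and unused-port alerting described above, as an added example that is not part of the original post: a Python check that compares flow records against an inventory of the addresses and TCP ports actually in use and groups the decoy hits by source. The subnet, the inventory and the flow records are constructed for illustration, and the function names are hypothetical. It covers only the alerting logic, not a service that answers on the decoy ports.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory (assumption): the monitored subnet and the services really in use.
MONITORED = ipaddress.ip_network("10.20.0.0/24")
IN_USE = {
    "10.20.0.10": {22, 443},   # app server
    "10.20.0.11": {445},       # file server
    "10.20.0.53": {53},        # DNS
}

# Constructed flow records: (source, destination, destination TCP port).
SAMPLE_FLOWS = [
    ("10.20.0.11", "10.20.0.10", 443),   # normal traffic
    ("10.20.0.77", "10.20.0.10", 443),   # normal traffic
    ("10.20.0.77", "10.20.0.200", 445),  # unused address
    ("10.20.0.77", "10.20.0.201", 445),  # unused address
    ("10.20.0.77", "10.20.0.11", 3389),  # unused port on a live host
    ("10.20.0.10", "192.0.2.8", 443),    # outside the monitored range, ignored
]

def classify(dst, port):
    """Return the decoy type a flow touched, or None if the target is legitimate."""
    addr = ipaddress.ip_address(dst)
    if addr not in MONITORED:
        return None
    # Network and broadcast addresses see routine traffic; alerting on them is noise.
    if addr in (MONITORED.network_address, MONITORED.broadcast_address):
        return None
    if dst not in IN_USE:
        return "unused-ip"
    if port not in IN_USE[dst]:
        return "unused-port"
    return None

def detect(flows, threshold=1):
    """Group decoy hits by source; report sources with at least `threshold` hits."""
    hits = defaultdict(list)
    for src, dst, port in flows:
        kind = classify(dst, port)
        if kind:
            hits[src].append((kind, dst, port))
    return {src: h for src, h in hits.items() if len(h) >= threshold}

if __name__ == "__main__":
    for src, h in detect(SAMPLE_FLOWS).items():
        print(f"ALERT {src}: {len(h)} decoy hits {h}")
```

Because no legitimate client has a reason to touch a decoy target, a threshold of one hit is usable here; the inventory has to be kept current, or newly deployed hosts and services will raise alerts.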