The following characteristics are typical of honeypots or honeynets:
Topologies and IDS • Chapter 7 435
or log files of no real significance or value—to attract and hold an attacker’s interest long enough to give a backtrace a chance of identi-fying the attack’s point of origin.
The honeypot technique is best reserved for use when a company or organi-zation employs full-time IT security professionals who can monitor and deal with these lures on a regular basis, or when law enforcement operations seek to target specific suspects in a “virtual sting” operation. In such situations, the risks are sure to be well understood, and proper security precautions, processes, and procedures are far more likely to already be in place (and properly practiced). Nevertheless, for organizations that seek to identify and pursue attackers more proactively, hon-eypots and honeynets can provide valuable tools to aid in such activities.
Although numerous quality resources on honeypots and honeynets are avail-able (try searching on either term at www.searchsecurity.techtarget.com), the fol-lowing resources are particularly valuable for people seeking additional