1
00:00:00,950 --> 00:00:02,740
Honeypots and honeynets.

2
00:00:02,740 --> 00:00:04,460
Honeypots and honeynets are used

3
00:00:04,460 --> 00:00:06,880
to attract and trap potential attackers

4
00:00:06,880 --> 00:00:09,620
to counteract any attempts at unauthorized access

5
00:00:09,620 --> 00:00:11,680
to your organization's network.

6
00:00:11,680 --> 00:00:14,390
Now, a honeypot is generally a single computer,

7
00:00:14,390 --> 00:00:17,180
but it could also be a file, a group of files,

8
00:00:17,180 --> 00:00:19,680
or an area of unused IP address space

9
00:00:19,680 --> 00:00:21,410
that might be considered attractive

10
00:00:21,410 --> 00:00:23,110
to a would-be attacker.

11
00:00:23,110 --> 00:00:24,520
A honeynet, on the other hand,

12
00:00:24,520 --> 00:00:26,800
is one or more computers, servers,

13
00:00:26,800 --> 00:00:28,230
or an area of the network.

14
00:00:28,230 --> 00:00:31,400
And often, this is used when a single honeypot is not deemed

15
00:00:31,400 --> 00:00:33,250
to be sufficient for your purposes.

16
00:00:33,250 --> 00:00:35,740
Now, why would we use honeynets and honeypots

17
00:00:35,740 --> 00:00:36,770
in our network?

18
00:00:36,770 --> 00:00:39,110
Well, this is usually used as a form of research,

19
00:00:39,110 --> 00:00:41,100
to try to learn about attackers.

20
00:00:41,100 --> 00:00:42,960
For example, the Honeynet Project

21
00:00:42,960 --> 00:00:45,410
at honeynet.org is a well-known honeynet

22
00:00:45,410 --> 00:00:46,700
that's in use today.

23
00:00:46,700 --> 00:00:48,860
It's used to learn the tools, tactics,

24
00:00:48,860 --> 00:00:51,720
and motives involved in computer and network attacks.

25
00:00:51,720 --> 00:00:53,410
And then they share what they learned

26
00:00:53,410 --> 00:00:55,810
with all of the different organizations out there.

27
00:00:55,810 --> 00:00:58,330
Your organization likely isn't going to put up a honeypot

28
00:00:58,330 --> 00:00:59,640
on its own, unless you're part

29
00:00:59,640 --> 00:01:02,070
of a security operation center for a large company

30
00:01:02,070 --> 00:01:04,010
who's trying to develop better countermeasures.

31
00:01:04,010 --> 00:01:06,220
For example, security researchers at companies

32
00:01:06,220 --> 00:01:09,330
like Microsoft, Google, and Apple might run a honeypot

33
00:01:09,330 --> 00:01:11,460
or a honeynet to try to better be prepared

34
00:01:11,460 --> 00:01:12,860
in the defense of their systems,

35
00:01:12,860 --> 00:01:15,760
and better understand the bad guys' techniques and tactics.

36
00:01:15,760 --> 00:01:17,113
But for most of us,

37
00:01:17,113 --> 00:01:18,210
honeypots and honeynets are just

38
00:01:18,210 --> 00:01:19,870
something we have to memorize for the exam

39
00:01:19,870 --> 00:01:24,120
because we're likely not going to use them ourselves.