What is a honeypot? How it can lure cyberattackers

Try Norton 360 FREE 14-Day Trial* - Includes Norton Secure VPN

Comprehensive Device Security including Antivirus, Password Manager and more.

*Terms Apply

If you’ve ever wondered how the good guys on the internet go after the bad guys, one way is something called a honeypot. You see, in addition to the security measures you might expect, such as strengthening a computer network to keep cybercriminals out, the good guys use a honeypot to do just the opposite — attract the bad guys.

What is a Honeypot?

A honeypot is a security mechanism that lures the attackers with the help of a virtual trap. From software to networks and services, one can apply a honeypot to any computing resource.  Honeypots are a type of technology that mimics likely targets of cyberattacks by understanding the behavior patterns of the attacker.  They can be used to detect attacks or deflect them from a legitimate target. They can also be used to gain information about how cybercriminals operate.

You may not have heard of them before, but honeypots have been around for decades. The principle behind them is simple: Don’t go looking for attackers. Prepare something that would attract their interest — the honeypot — and then wait for the attackers to show up.

Like mice to cheese-baited mousetraps, cybercriminals are attracted to honeypots — not because they’re honeypots. The bad guys think the honeypot is a legitimate target, something worthy of their time. That’s because the bait includes applications and data that simulate a real computer system.

How do honeypots work?

A honeypot looks like real system with data and applications that fool the cyber attackers into thinking that it’s a legitimate target. They are made to attract the attackers by deliberately building security vulnerabilities.

For example – a honeypot may have ports that respond to weak passwords.

If you, for instance, were in charge of IT security for a bank, you might set up a honeypot system that, to outsiders, looks like the bank’s network. The same goes for those in charge of — or researching — other types of secure, internet-connected systems.

By monitoring traffic to such systems, you can better understand where cybercriminals are coming from, how they operate, and what they want. More importantly, you can determine which security measures you have in place are working — and which ones may need improvement.

It doesn’t address a specific issue, but acts a tool that help you understand the existing security threats, 

What are Honeypots used for?

Honeypots are used to capture information from unauthorized sources. They lure the attackers into attacking the fake networks that contain data and applications similar to legitimate target.

The intruders are tricked into accessing the honeypots to research the behavior of the cyber attackers and understand how they interact with the networks.

In most of the cases, honeypots aren’t used as a security measure and anyone, including hackers, can use them to exploit the network vulnerabilities. Honeypots offer plenty of security benefits such as –         

  • Help organizations to test incident response process        
  • Break the attacker chain and slow down the attackers        
  • Observe the hackers pattern and learn about their behavior        
  • The data can be used to improve security posture

Basically, there are two types of honeypots based on the design and deployment – Research honeypots and production honeypots.

Besides these, there are several types of specialized honeypots – malware honeypots, spam honeypots, client honeypots, database honeypots, etc. that help you identify different types of attacks used by the attackers. 

What could be at stake?

Stealing personal information from online targets is one thing. Targeting public transportation systems is another. Beyond the IoT devices, researchers have used honeypots to expose vulnerabilities with medical devices, gas stations, industrial control systems used for such things as electrical power grids, and more.

Given all the attention that the bad guys get for their hacking and data breach efforts, it’s good to know that the good guys have a few tricks up their sleeves to help protect against cyberattacks.

As more and more devices and systems become internet-connected, the importance of battling back against those who use the internet as a weapon will only increase. Honeypots can help.

Try Norton 360 FREE 14-Day Trial* - Includes Norton Secure VPN

Comprehensive Device Security including Antivirus, Password Manager and more.

*Terms Apply

Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.