What do you get when you place two (or more) honeypots into a network? The answer is a honeynet. The idea of creating a network of lures was the seminal idea behind the Honeynet Project (http://project.honeynet.org), a non-profit, IT security research group started in 1999.
The groups charter is to raise awareness of the threats and vulnerabilities that exist in the Internet today, as well as to teach and inform members of the community how to better defend and secure information systems and resources. While identifying symptoms of the intrusion problem, the open source project is going several steps further—hoping to provide additional information regarding blackhat tactics, motives, communication methods and actions after a system has been compromised.
The primary method by which the group analyzes unauthorized intrusion events is the honeynet, a network of systems and processes that record such activity. It is a work in progress, with a development cycle that is estimated to extend for more than the next two years.
Our “Facts and Figures” chart contains some of the information that the project has collected during the last several years. Theres some rather scary material presented, and wed remind you that the honeypot is not the only means of defense, but merely another component of a multilayer strategy that should be considered to secure your information and communication assets.