Trap the attacker, learn about their activities
What is a honeypot?
Honeypots are intentionally vulnerable systems with weaknesses an attacker will detect and try to exploit.
Where do you place a honeypot?
A honeypot can be located anywhere near your sensitive servers. It is usually placed in the DMZ (demilitarized zone), a network segment that is connected to the internet but isolated from the rest of the internal network.
How do you detect an attacker using a honeypot?
Any user activity you detect on a honeypot is an indication of an adversarial presence, because the honeypot must have no legitimate production usage or access.
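The detection rule above, as an added example that is not part of the original page: every connection whose destination is the honeypot becomes an alert, grouped by source. The log format, the addresses and the function name honeypot_alerts are assumptions made for the illustration.

```python
import ipaddress
from datetime import datetime

# Assumption: the honeypot's address (constructed, documentation range).
HONEYPOTS = {ipaddress.ip_address("192.0.2.50")}

# Constructed connection log: "<ISO time> <source> <destination> <port>".
SAMPLE_LOG = """\
2024-05-01T10:00:01 198.51.100.7 192.0.2.10 443
2024-05-01T10:00:05 198.51.100.7 192.0.2.50 22
2024-05-01T10:00:09 203.0.113.9 192.0.2.10 443
2024-05-01T10:02:30 198.51.100.7 192.0.2.50 445
malformed record here
2024-05-01T10:07:12 192.0.2.10 192.0.2.50 3389
"""

def honeypot_alerts(log_text, honeypots=HONEYPOTS):
    """Return one alert per source that touched a honeypot, earliest first."""
    hits = {}
    for line in log_text.splitlines():
        try:
            ts, src, dst, port = line.split()
            when = datetime.fromisoformat(ts)
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # skip records that do not parse
        if dst_ip not in honeypots:
            continue  # traffic to production hosts is out of scope here
        # No allowlist: the honeypot has no legitimate users, so every hit counts.
        hit = hits.setdefault(str(src_ip), {"first_seen": when, "last_seen": when,
                                            "ports": set(), "connections": 0})
        hit["first_seen"] = min(hit["first_seen"], when)
        hit["last_seen"] = max(hit["last_seen"], when)
        hit["ports"].add(port)
        hit["connections"] += 1
    alerts = [{"source": src, **hit, "ports": sorted(hit["ports"])}
              for src, hit in hits.items()]
    return sorted(alerts, key=lambda a: a["first_seen"])

if __name__ == "__main__":
    for alert in honeypot_alerts(SAMPLE_LOG):
        print(alert)
```

In the sample, the last alert comes from 192.0.2.10, a production server in the same segment; since nothing has a legitimate reason to reach the honeypot, that host is worth investigating as well.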