Rogue IT Identification


Trap the attacker, learn about their activities

What is a honeypot?

Honeypots are intentionally vulnerable systems with weaknesses an attacker will detect and try to exploit.

Where do you place a honeypot?

A honeypot can be located anywhere near your sensitive servers. It is usually placed¬†in the DMZ or Demilitarized Zone that’s¬†connected to the internet but isolated from the rest of the internal network.

How do you detect an attacker using a honeypot?

When you detect user activity on a honeypot it is an indication of an adversarial presence. The honeypot must have no legitimate production usage or access.