When you think “honeypot,” images of that lovable furry bear, Winnie the Pooh, may come to mind. Pooh loved him some honey. And whenever he stumbled upon a pot of honey, he gorged himself on that sugary goodness until he passed out. Yum.
But in technology terms, a honeypot is a trap set to detect, deflect, or somehow counteract unauthorized use of information systems. Generally, a honeypot consists of a computer, data, or a network site that appears to be part of a larger network, but is actually isolated. (You may have seen reality shows where police set up a bicycle in front of a store and stake it out until someone steals the bike, then tackle and arrest the thief. A honeypot is similar, but without the tackling and arresting.)
Honeypots are tools used by researchers and security professionals to monitor the behaviors of criminal hackers and viruses, allowing the researchers to gather intelligence on how they operate. In this way, researchers can gain an understanding of the motivations and methods a hacker would use. This process helps developers think like the bad guy, giving them a better understanding of the necessary security needed to prevent and counter attacks.
When intuitive security professionals develop a honeypot mindset, they can anticipate the bad guy’s next move. They make numerous predictions about what he will do next and put redundant systems in place to prevent him from doing his job. This becomes second nature for some.
I’d recommend a similar strategy for your own personal security. When it comes to protecting yourself, think about your surroundings and what might make you a target. If you are processing a credit card transaction, think about how risky it may be and what to do in response to those risks. Before you leave your home, visualize the paths of least resistance into your house and what should be done to secure it.
Bad guys don’t play by the same rules we do. But if you understand their game and anticipate their next move, you can beat them.