Deception Technologies in IT Security

Jul 23, 2025

Overview

This lecture covers the use of deception technologies in IT security, focusing on honeypots, honey nets, honey files, and honey tokens to attract, monitor, and identify attackers.

Honeypots

  • A honeypot is a decoy system designed to attract attackers and observe their techniques.
  • Most attacks on honeypots are performed by automated processes testing various system vulnerabilities.
  • Honeypots are isolated from production environments and are not part of actual business operations.
  • Honeypots can be built using commercial or open-source software.

Honey Nets

  • A honey net is a network of multiple honeypots simulating a realistic IT environment.
  • Honey nets may include workstations, servers, routers, and firewalls to appear genuine to attackers.
  • They provide a more convincing target, keeping attackers engaged and distracted from real systems.

Honey Files

  • Honey files are decoy files containing fake or seemingly valuable information (e.g., password.txt).
  • Access to honey files in a production network is suspicious and should trigger alerts for investigation.
  • Alerts can notify management when honey files are accessed, indicating unauthorized activity.

Honey Tokens

  • Honey tokens are traceable pieces of bogus data placed in a system to identify data leaks or unauthorized distribution.
  • Examples include fake API credentials or email addresses monitored for unauthorized use elsewhere.
  • Honey tokens can be placed in databases, cookies, web pages, or any other trackable data form.
  • Detecting a honey token outside your organization reveals a possible data breach and its source.
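
An added example (not from the lecture) of the traceability described above: each fake API credential carries an ID for the place it was planted plus an HMAC tag, so a string found outside the organization can be confirmed as one of yours and mapped back to its source. The key, the `hk_live_` prefix, the placement names and the sample dump are all constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed secret for the demo; in practice keep it outside the monitored systems.
SECRET = b"constructed-demo-key"
PREFIX = "hk_live_"  # hypothetical prefix that makes the token look like an API key
TOKEN_RE = re.compile(re.escape(PREFIX) + r"([0-9a-f]{8})([0-9a-f]{24})")

# Registry of where each token was planted, keyed by placement ID.
PLACEMENTS = {}


def _tag(placement_id: str) -> str:
    """HMAC tag that only the holder of SECRET can produce for a placement ID."""
    return hmac.new(SECRET, placement_id.encode(), hashlib.sha256).hexdigest()[:24]


def mint_token(location: str) -> str:
    """Create a unique fake credential for one location and record where it went."""
    placement_id = hashlib.sha256(location.encode()).hexdigest()[:8]
    PLACEMENTS[placement_id] = location
    return PREFIX + placement_id + _tag(placement_id)


def find_leaks(text: str) -> list[str]:
    """Return the planted locations of every genuine honey token seen in text."""
    hits = []
    for pid, tag in TOKEN_RE.findall(text):
        # Constant-time compare rejects look-alike strings that were never issued.
        if hmac.compare_digest(tag, _tag(pid)) and pid in PLACEMENTS:
            hits.append(PLACEMENTS[pid])
    return hits


# Constructed sample: two planted tokens and a text found outside the organization.
DB_TOKEN = mint_token("crm-db.customers.row-9001")
WEB_TOKEN = mint_token("intranet/wiki/deploy-notes.html")
FORGED = PREFIX + "deadbeef" + "0" * 24  # right shape, wrong tag
SAMPLE_DUMP = f"user=svc key={DB_TOKEN}\nnoise key={FORGED}\n"

if __name__ == "__main__":
    for source in find_leaks(SAMPLE_DUMP):
        print("honey token seen externally; planted at:", source)
```

Because every location gets a different token, a single hit identifies which database row or page the data was copied from, and the tag check keeps random look-alike strings from raising false alerts.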

Key Terms & Definitions

  • Honeypot — A decoy system or environment set up to attract attackers and monitor their activities.
  • Honey Net — A network of honeypots emulating a realistic, complex IT infrastructure.
  • Honey File — A fake file with attractive names/data meant to lure attackers and trigger alerts upon access.
  • Honey Token — Falsified, trackable data embedded in systems to detect unauthorized distribution or leaks.

Action Items / Next Steps

  • Visit project honey.org to learn more about honeypots and honey nets.
  • Set up alerts for honey file access in your production environment.
  • Explore options for creating and monitoring honey tokens to detect data exfiltration.