Updates to Chapter 4

• Chapter 4 defines the values of production and research honeypots. There is an additional value for production honeypots, specifically incident response, not discussed in the book. In chapter 4 we cover how honeypots can be used in responding to an attack, specifically learning how the attacker penetrated an organization. There is an additional value, determing who your attacker is once they are in your organization.

  For example, your organization may determine that an attacker has broken into your organization, but you cannot determine who the threat is and how much damage has been done. A honeypot can be deployed in your internal network, most likely a high interaction honeypot. The purpose of the honeypot is to be broken into by the attacker. Once broken into, you can track their activities, learn how much damage they have done to your network, and potentially their identity.