Domain 4 of 5 · Chapter 3 of 8

Deception Technologies

Unlock the complete study guide + 1,040 practice questions across 16 full exams.

Bundled into the existing CompTIA Network+ premium course — no separate purchase.

Included in this chapter:

  • Honeypots and honeynets: decoys that turn access into alerts
  • Detection and diversion, not prevention
  • Interaction level, isolation, and the legal line

Honeypot vs honeynet

PropertyHoneypotHoneynet
ScopeOne decoy host or serviceA whole network of honeypots plus fake supporting services
RealismLimited; can look isolatedHigh; mimics a real production segment
What you can observeInteractions with one decoyLateral movement and escalation across systems
Build and upkeep effortLow to moderateHigh
Primary valueCheap tripwire and diversionDeep threat intelligence on attacker behavior

Cheat sheet

  • A honeypot is a single decoy with no legitimate purpose, so any access is suspect
  • A honeynet is a whole decoy network of honeypots, not a single host
  • More realism and lateral-movement study points to a honeynet over a honeypot
  • Deception detects and diverts, it does not prevent
  • Place a decoy inside a trusted segment to catch post-breach and insider activity
  • Low-interaction decoys are safe but easy to spot; high-interaction are rich but risky
  • Isolate the decoy so a compromised honeypot cannot become a pivot
  • Deception observes your own assets; it is not a license to hack back

Unlock with Premium — includes all practice exams and the complete study guide.

References

  1. Honeypot — NIST CSRC Glossary Whitepaper
  2. NIST SP 800-94: Guide to Intrusion Detection and Prevention Systems (IDPS) Whitepaper