Like a pot of honey left out to trap a bear, a honeypot is an unprotected or partially protected machine set up to allow malicious software or activity to compromise it.

The idea is simple: a machine left vulnerable is likely to be attacked in some way. The owners of the honeypot machine can then examine both the source and the technique of the specific attack and build defenses against it.

The term can be applied more generally to any machine left vulnerable only to specific attacks, including other forms of malicious behaviour (such as hacking). A government agency might set up a machine holding falsified information that looks important and confidential, so that it can monitor who attempts to break in and how.

“Honeypot” can also be applied to email. Agencies monitoring spam, for example, might set up email addresses and make them public to see what kinds of spam emails are then sent, so they can track the characteristics of spam over time.

In computer terminology, a honeypot is a computer security mechanism set up to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data (for example, in a network site) that appears to be a legitimate part of the site and to contain information or resources of value to attackers. It is actually isolated, monitored, and capable of blocking or analyzing the attackers. This is similar to police sting operations, colloquially known as "baiting" a suspect.
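The monitoring side of a decoy resource on a site, as an added example that is not part of the original glossary entry: it scans web access log lines for requests to decoy paths and groups them by source, recording the method and user agent of each request. The decoy paths, log lines and addresses are constructed for illustration, and the combined access-log format is an assumption.

```python
import re
from collections import defaultdict

# Hypothetical decoy paths: nothing legitimate links to them, so any hit is suspect.
DECOY_PATHS = {"/admin/backup.zip", "/internal/payroll.csv"}

# Assumed "combined" access-log format: source, timestamp, request, status, size, referer, agent.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.45 - - [10/Mar/2024:09:15:40 +0000] "GET /admin/backup.zip HTTP/1.1" 200 1048576 "-" "curl/8.4.0"
203.0.113.45 - - [10/Mar/2024:09:15:44 +0000] "GET /internal/payroll.csv?dl=1 HTTP/1.1" 200 20480 "-" "curl/8.4.0"
198.51.100.7 - - [10/Mar/2024:09:16:10 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.99 - - [10/Mar/2024:09:20:31 +0000] "HEAD /admin/backup.zip HTTP/1.1" 200 0 "-" "python-requests/2.31"
garbage line that does not parse
"""


def decoy_hits(log_text):
    """Return {source: [(timestamp, method, path, agent), ...]} for decoy requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing on untrusted input
        path = m["path"].split("?", 1)[0]  # ignore the query string when matching
        if path in DECOY_PATHS:
            hits[m["src"]].append((m["ts"], m["method"], path, m["agent"]))
    return dict(hits)


if __name__ == "__main__":
    for src, events in decoy_hits(SAMPLE_LOG).items():
        print(f"{src}: {len(events)} decoy request(s)")
        for ts, method, path, agent in events:
            print(f"  {ts} {method} {path} agent={agent!r}")
```

Because no legitimate page links to the decoy paths, every hit is worth reviewing, which keeps the false-positive rate low compared with alerting on ordinary traffic.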

Diagram of an information system honeypot