Skip to Main Content
Computer networks connected to the Internet continue to be compromised and exploited by hackers. This is in spite of the fact that many networks run some type of security mechanism at their connection to the Internet. Large enterprise networks, such as the network for a major university, are very inviting targets to hackers who are looking to exploit networks. Large enterprise networks may consist of many machines running numerous operating systems. These networks normally have enormous storage capabilities and high speed/high bandwidth connections to the Internet. Due to the requirements for academic freedom, system administrators are restricted in what requirements they can place on users on these networks. The high bandwidth usages on these networks make it very difficult to identify malicious traffic within the enterprise network. We propose that a Honeynet can be used to assist the system administrator in identifying malicious traffic on the enterprise network. By its very nature, a Honeynet has no production value and should not be generating or receiving any traffic. Thus, any traffic to or from the Honeynet is suspicious in nature. Traffic from the enterprise network to a machine on the Honeynet may indicate a compromised enterprise system.