What is a honeypot in cybersecurity?

Answer

A honeypot is a decoy system, network, or resource designed to attract attackers, detect unauthorized access, and gather intelligence about attack techniques, without endangering real systems.

Types:

Low-interaction honeypots: simulate services to attract automated scanners (Cowrie SSH honeypot, Honeyd). Easy to deploy, limited intelligence.

High-interaction honeypots: full real systems (often VMs) that allow attackers to interact deeply. They provide rich intelligence but are risky (the attacker could pivot).

Honeynet: a network of honeypots simulating an organization's infrastructure.

Honeytokens: fake credentials, documents, or data; alerts fire when they are accessed (e.g., a fake AWS key that triggers an alert if used).

Use cases:

(1) Detect attackers who breach the perimeter (honeyfiles, honeyservices).

(2) Research attacker tools and techniques.

(3) Early warning system.

(4) Deflect attackers from real systems.

Legal consideration: honeypots may raise entrapment concerns in some jurisdictions; consult legal counsel.