Network Security
Honeynet
Also known as: Deception network, Research honeypot network
Definition
A controlled network of interconnected honeypots designed to study attacker behavior across a realistic, multi-host environment.
A honeynet is a research-oriented deception network composed of several honeypots, often arranged to look like a complete corporate segment with workstations, servers, and services. By providing a richer attack surface than a single honeypot, it captures lateral movement, command-and-control communications, and post-exploitation tradecraft. A honeywall typically front-ends the honeynet to log every packet, enforce outbound rate limits, and prevent the environment from being abused to attack third parties. Honeynets are mainly used by security researchers, CERTs, and mature SOCs to enrich threat intelligence and validate detections.
Examples
- An academic honeynet capturing worm propagation between simulated Windows hosts.
- An enterprise deception grid that traces an attacker pivoting from a fake jump server to a fake file share.
Related terms
Honeypot
A decoy system or service deliberately exposed to attract attackers, observe their techniques, and divert them from production assets.
Honeytoken
Honeytoken — definition coming soon.
Canary Token
Canary Token — definition coming soon.
Threat Intelligence
Evidence-based knowledge about threats and threat actors — including indicators, TTPs and context — used to guide security decisions and detection.
Network Segmentation
Network Segmentation — definition coming soon.
Intrusion Detection System (IDS)
A passive security control that monitors network or host activity for malicious behaviour and raises alerts without blocking traffic.