This must be included: What is a honeypot? How have honeypots been used in the field of national security? How does a honeypot work within the network security field? How can a honeypot be constructed...


This must be included:

What is a honeypot?
How have honeypots been used in the field of national security?
How does a honeypot work within the network security field?
How can a honeypot be constructed (be as explicit as possible)?



Answered Same Day: Dec 23, 2021


David answered on Dec 23 2021
126 Votes
1. What is a honeypot?
The term “honeypot” arose from the world of espionage, where it refers to an agent who would be sexually available to a target. The plan was to compromise the target by either emotional or sexual blackmail to get secret information. Lance Spitzner, founder of the Honeynet Project, defines a honeypot as “a system designed to learn how “black-hats” probe for and exploit weaknesses in an IT system”. It can also be defined as “an information system resource whose value lies in unauthorised or illicit use of that resource”. Honeypots are dummy machines that emulate real machines running services and applications, with open popular ports that are found on a system on a network. A honeypot makes attackers believe that they are interacting with a legitimate system. When an attacker attacks the system, attack-related information, such as the attacker’s IP, is observed by the system without the attacker’s knowledge. This activity provides valuable information about attack techniques and also allows system administrators to route back to the source of the attack. Unlike firewalls and IDSs, honeypots do not solve only a particular problem but also track movement within the system.
1.1 Types: Nowadays, various types of honeypots with different goals are available. They are classified as follows:
1.1.1 Production Honeypot: This is a honeypot placed inside a production network. These are an extension to an intrusion detection system (IDS) and are primarily used for attack detection. They are used to verify the capability of existing security functions and also for finding close security gaps. It justifies the investment in security measures to management by recording evidence of attacks. It also records activities from inside a local network as proof if an insider has malicious intentions.
1.1.2 Research Honeypot: The main purpose of a research honeypot is to learn about the tactics and techniques of the attacker community. In this case the attacker is allowed to stay and is kept under observation to understand how the attacker is working. A honeypot gives real-life insight into the process of an attack.
1.1.3 Honeynet: Honeynet refers to a network of honeypots where each honeypot is a stand-alone system. It consists of a honeywall, which works as a gateway sitting between the honeynet and the production network, and honeypots. The attacker is given a honeypot with a real operating system and full access to mangle it. The honeywall maintains an IDS that analyzes every packet going to and from the honeypot. A firewall is deployed over the honeywall, hence access to the production network is completely restricted.
Honeypots are also classified in greater detail on the basis of the level of interaction with the attacker. The classification is as follows:
1.1.4 Low-interaction Honeypots: These honeypots emulate a service up to an extent such that an attacker can only log in but cannot perform any action. They are primarily used for detection and work like a production honeypot. In this way the attacker can only access the emulated service, and the underlying operating system cannot be affected.
1.1.5 Medium-interaction Honeypots: This category emulates a full service, i.e. they can emulate a web server. Like Low-interaction Honeypots they are...
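
The low-interaction behaviour described in 1.1.4 (an emulated service where a visitor can only attempt to log in, while the source IP is recorded without their knowledge), as an added example that is not part of the answer above. The names `FakeLoginHandler` and `start_honeypot`, the banner text and port 2323 are assumptions chosen for illustration.

```python
import json
import socketserver
import threading
from datetime import datetime, timezone

EVENTS = []                      # in-memory record; a real sensor would forward these to a log collector
_LOCK = threading.Lock()
MAX_LINE = 256                   # cap on attacker-controlled input per prompt


class FakeLoginHandler(socketserver.StreamRequestHandler):
    timeout = 10                 # seconds before an idle connection is dropped

    def _prompt(self, text):
        self.wfile.write(text)
        line = self.rfile.readline(MAX_LINE)
        return line.strip().decode("utf-8", "replace")

    def handle(self):
        # Record who connected and when, before any interaction.
        event = {"time": datetime.now(timezone.utc).isoformat(),
                 "src_ip": self.client_address[0],
                 "src_port": self.client_address[1]}
        try:
            self.wfile.write(b"Ubuntu 20.04 LTS\r\n")      # constructed banner
            event["username"] = self._prompt(b"login: ")
            event["password"] = self._prompt(b"Password: ")
            self.wfile.write(b"\r\nLogin incorrect\r\n")   # always deny: no shell, no OS access
        except OSError:
            event["error"] = "connection dropped"
        with _LOCK:
            EVENTS.append(event)
        print(json.dumps(event))  # JSON escaping keeps control characters out of the log line


def start_honeypot(host="127.0.0.1", port=0):
    # port=0 lets the OS pick a free port; server.server_address reports it.
    server = socketserver.ThreadingTCPServer((host, port), FakeLoginHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = start_honeypot(port=2323)
    print("listening on", srv.server_address)
    threading.Event().wait()     # keep the main thread alive
```

Because no legitimate user has a reason to connect to this listener, every recorded event is worth reviewing, which is what makes this kind of honeypot useful for detection.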