Risks with Honeynets:
1-Honeynets introduce additional risk to an environment by attracting attention to their seemingly insecure configuration.
2-Honeynets require constant maintenance and administration.
3-Data analysis is very time consuming. A single compromise on average requires 30-40 hours of analysis.
Importance of using Honeypots and Honeynets:
Honeynets can gain information on the attacks against them. We assume that a Honeynet can basically gather two different qualities of information. After starting his attack at (ta), the attacker is unaware of the fact that he is attacking a Honeynet, so the data gathered shows the attacker’s typical actions against the class of system the Honeynet is emulating. At a certain point in time, labeled (td), the attacker realizes that he is confronted with a Honeynet. The attacker’s motivation shifts, which should also result in a change of behavior: the attacker will be more reluctant to act in a way which will allow the observer to gather further information.
Possible increased security by using Honeynets as a decoy:
It is claimed that Honeynets can increase the search space for finding valuable systems in a network and thus increase security by luring attackers into spending effort attacking the Honeynets instead of the real thing. This claim has to be evaluated against different adversary scenarios.