A honeynet is a network of intentionally vulnerable and monitored systems designed to attract attackers and study their techniques. Where a honeypot is a single decoy system, a honeynet creates an entire deceptive environment of fake servers, workstations, and services that mirror a real network.
Any traffic to or from a honeynet is by definition suspicious — legitimate users have no reason to interact with systems specifically not advertised for use. Intelligence gathered from honeynets has contributed significantly to understanding attacker behavior.
CISSP Relevance
Honeynets are covered in Domain 7 (Security Operations) and Domain 6 (Security Assessment and Testing). CISSP candidates must understand how deception technologies work, their legal implications around entrapment concerns, and how intelligence from honeynets feeds security operations.
External reference: CISA Honeypots Overview
Related terms: Threat Intelligence, Intrusion Detection System