After honeypots comes IBM's Billy Goat to lock horns with malicious coders.
So, is there any other approach to detect and collect potential attacks from malicious people?
What is your security plan against some kind of attacks? Why do many attackers find solutions to trap sysadmins?
Please offer your feedback.
I can't make heads or tails of "Why do many attackers find solutions to trap sysadmins?", because I've never known hackers to "trap sysadmins", other than the all too common social engineering. Honeypots are intended to steer amateurs away from the main targets. They are useless against a skilled hacker.
We will never be able to do better than play catchup with skilled hackers, just as we can never be ahead of virus creators. I believe the most valuable things you can have are reliable backups and a good disaster recovery plan. That way, if you do fall victim, or indeed suffer any other kind of disaster, you have a decent chance of betting back to normal.
For me, one of the most important components in blocking attacks from outside is a good firewall. Not just a bunch of static rules but one which actively responds to threats (e.g. Smoothwall with the Guardian add-on). One common mistake is to install a firewall and think that's all there is to it. Like any other part of the system, a firewall needs to be monitored and adjusted as and when necessary and should never be taken for granted.
As for trying to detect hacking attempts, there are a bunch of things you can do, such as monitoring logs. Not just manually browsing them but also an automated system to warn of anomalies. It takes a little effort to create, as it needs to be customised for your specific setup, but well worth the effort.
I don't think it is possible to track a smart hacker, even for FBI, with their subpoena powers, links to other governments, etc. I also think it will take a lot of effort and a little satisfaction to nail a dumbass idiot who got too much life, and uses it to nose around other's data. Although it is infuriating to know that someone is there to hack into your network, to harm you, you will very likely not be able to catch the guy who did it. Most probably you will track down some grandma who unknowingly became a host to a botnet.
That said, not all hope is lost ;). There is a lot you could do about security, and the more resources you have, the more you can do. If you are on a tight budget, I would start with simple steps, such as: running "nmap" tool against your network to check open ports, and turn them off if they are not used. There are quite a few network vulnerability scanners, which could test if your network is a target for well known hacks; some are free some cost $$$, check out Nessus for example. You will not get 100% protection, but if you are not running any high-profile data network, the serious hackers will not care about you; however it will be just enough to repel the high-school wannabe hackers, which I would imagine account for a lot of intrusion cases.
