Honeypots - Deceiving and studying cyberattackers

Authors:

  • Henrik Karlzén

Publish date: 2021-12-14

Report number: FOI-R--5217--SE

Pages: 35

Written in: Swedish

Keywords:

  • honeypot
  • honeynet
  • deception
  • cybersecurity

Abstract

This report describes the foundations of honeypots in the cyber domain. A honeypot is defined as a cybersecurity function that, with the help of deception, attracts attackers and gets them to stay. Honeypots are used to spare the owner's computer systems from attack, while learning lessons about the attacks for the future. There are many types of honeypots, and they can be divided according to their placement, network role, purpose, interaction level, collaboration, dynamics, and ability to redirect. In addition to honeypots, there are also similar cybersecurity functions. For example, there are tar pits, where attackers are delayed, as well as a cyber variant of camouflage. Using honeypots is not risk-free. If the attacker is not successfully misled, the defender has at best wasted its money. In the worst case, the attacker can turn the tables and start deceiving the defender. Another risk is that a benevolent outsider discovers the honeypot without realizing that it is a honeypot. The outsider may then feel compelled to report the unusual activity as an incident, which may cause confusion and create unnecessary work. A third risk is that an attacker succeeds in using the honeypot as a springboard into the production environment. In addition, there are some questions about the legality of the use of honeypots. Research on honeypots has led to many different honeypots being developed over the years. As for the maturity of today's honeypots, they are sufficient to meet simple, unsophisticated attacks. The degree of maturity is significantly lower in terms of advanced targeted attacks. However, honeypots have been used to detect previously unknown vulnerabilities (zero-days). There is potential benefit in using honeypots in a military organization such as the Swedish Armed Forces (SwAF), since there is a great need for the type of intelligence and protection that honeypots can provide. In addition to the benefits, however, there are also special challenges in using honeypots in the SwAF. These challenges follow from the fact that the SwAF faces threats of a special type and possesses partly unusual types of computer systems. The SwAF therefore needs to strike a balance between the potential benefits of honeypots and the difficulty and risk associated with their introduction.