Honeypots as an early warning system

16.12.2005

There are many ways to set up a honeypot. You can take an old machine and install a copy of your default OS on it. Because the system is a real OS, most hackers won't be able to tell that it is a honeypot, even if you do nothing special to it other than install detection and alerting mechanisms.
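The "detection and alerting mechanism" that turns an otherwise idle box into an early warning system can be very small, because on a honeypot there is nothing to distinguish: no legitimate client has any reason to connect, so every connection is an alert. The listener below is an added example (not code from the article or from any product it mentions). It binds a port, answers with a constructed SMTP-style banner, records who connected and what they sent first, and drops the connection. The banner text, the `simulate_probe` client that plays the part of a scanner, and the alert field names are all my own choices.

```python
import json
import socket
import threading
import time
from datetime import datetime, timezone

# Constructed banner: the listener impersonates an SMTP server, but any
# service banner would do; the point is that nothing legitimate should connect.
FAKE_BANNER = b"220 mail.example.invalid ESMTP ready\r\n"


def make_alert(peer, dst_port, first_bytes):
    """Turn one connection into an alert record.

    On a honeypot every connection is suspicious by definition, so there is
    no signature matching here; a payload merely raises the severity.
    """
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "dst_port": dst_port,
        "first_bytes": first_bytes[:64].decode("latin-1"),
        "severity": "high" if first_bytes else "medium",
    }


def handle_client(conn, peer, dst_port, sink):
    """Send the banner, capture whatever the client says first, then hang up."""
    conn.settimeout(3.0)
    data = b""
    try:
        conn.sendall(FAKE_BANNER)
        try:
            data = conn.recv(256)
        except socket.timeout:
            pass  # silent client: still worth an alert, just lower severity
    except OSError:
        pass
    finally:
        conn.close()
    sink.append(make_alert(peer, dst_port, data))


def accept_loop(srv, sink, stop):
    """Accept connections until stop is set; each client gets its own thread."""
    dst_port = srv.getsockname()[1]
    srv.settimeout(0.5)
    try:
        while not stop.is_set():
            try:
                conn, peer = srv.accept()
            except socket.timeout:
                continue
            threading.Thread(target=handle_client,
                             args=(conn, peer, dst_port, sink), daemon=True).start()
    finally:
        srv.close()


def start_honeypot(port=0, host="127.0.0.1"):
    """Bind synchronously (so the caller knows the port) and serve in a thread.

    Returns (alerts, stop_event, bound_port). port=0 asks the OS for a free port,
    which is convenient for testing; a real deployment picks the port to imitate.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(16)
    sink, stop = [], threading.Event()
    threading.Thread(target=accept_loop, args=(srv, sink, stop), daemon=True).start()
    return sink, stop, srv.getsockname()[1]


def simulate_probe(port, payload=b"", host="127.0.0.1"):
    """Constructed test client standing in for a scanner: read the banner,
    optionally send a payload, disconnect. Returns the banner received."""
    with socket.create_connection((host, port), timeout=3.0) as c:
        banner = c.recv(256)
        if payload:
            c.sendall(payload)
    return banner


def wait_for_alerts(sink, count, timeout=5.0):
    """Block until the listener has recorded `count` alerts (or time out)."""
    deadline = time.monotonic() + timeout
    while len(sink) < count and time.monotonic() < deadline:
        time.sleep(0.05)
    return list(sink)


if __name__ == "__main__":
    alerts, stop, port = start_honeypot()
    print(f"honeypot listening on 127.0.0.1:{port}")
    simulate_probe(port, b"EHLO scanner\r\n")
    for alert in wait_for_alerts(alerts, 1):
        print(json.dumps(alert))
    stop.set()
```

In practice the `sink` list would be replaced by whatever forwards alerts to the console or SIEM, and the listener would run on the ports the decoy is meant to imitate. Note that this is a low-interaction listener: it never executes anything the client sends, which is exactly the property the article's later point about real operating systems being real targets is driving at.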

Some people use virtual machine software (such as VMware or Virtual PC) to create honeypots. The benefit here is quick resets and clean-up, but VM honeypots are subject to being detected as VM, and hence identified by a hacker as a possible honeypot.

Luckily, this worry is lessening as more shops virtualize their production machines. But a bigger threat is the fact that any real OS gives the hacker a real target to exploit and could lead to unintended consequences, so more and more administrators are turning to specialized honeypot software.

Hands down the best honeypot product, especially for the Windows crowd, is KeyFocus' KFSensor. KFSensor is feature-rich and frequently updated. The fully featured version is US$990, but a new standard version will sell for much less. I don't have enough space here to elaborate on KFSensor, but if you want the best, spend the money. Its only two drawbacks are that it doesn't emulate the TCP/IP stack at the lowest levels (a fact that doesn't really matter for an EWS honeypot) and that only a finite number of listening ports can be active at any one time.

Open source Honeyd is the most versatile honeypot software. Like many open source products, it is mostly command line-based, takes lots of reading to understand, and takes even more trial and error to get it right.