This presentation shares a best practice in teaching network defense based on recent research on network security. Computer networks as part of critical infrastructure facilities and assets for most organizations are facing increasing challenges in defending against various and sophisticated cyber threats, intrusions, and attacks. Knowledge discovery is a key factor in cyber defense, and honeypots could be an effective tool for gaining knowledge for cyber defense. The research for this presentation draws upon a cyber defense knowledge model based on the classic of The Art of War and focuses on the use of honeypots for network intrusion detection. The cyber defense model highlights the role of knowledge (and the lack of knowledge) discovery of strengths and vulnerabilities of yourself and your opponent in cyber defense. This presentation illustrates the dynamics of the knowledge and its network security benefits using honeypots in a simulation of detection of intrusions and distributed denial of service (DDoS) attacks on a virtual network.