7/25/2019 Why Every Security-conscious Organization Needs a Honeypot

1/2

Search Help Net Security

Featured news

Microsoft ends support

for Windows 8, IE8

through 10: What does

this mean for you?

Attackers use SQL

injection to manipulate

search engine rankings

Insider threat focus on

the rise

Most companies do

nothing to protect their

mobile apps

Surge in endpoints

drives need for security

Have I been hacked?

The indicators that

suggest you have

The danger of terror

attacks using drones,

and possible

countermeasures

Google researcher finds

critical flaws in Trend

Micro AV solution

European data centre

services provider

Interxion suffers breach

How do you ensure

success with DevOps?

Group using DDoS

attacks to extort

business gets hit by

European law

enforcement

Drupal moves to fix flaws

in update process

Juniper to kill off

Dual_EC RNG in

ScreenOS following new

backdoor revelations

Whitepaper: Cyber

Security Best Practices

User behavior analytics:

The equalizer for under-staffed security teams

Why every security-conscious organization needs

a honeypotby Corey Nachreiner - WatchGuards Director of Security Strategy and Research - Wednesday, 27 August2014.

If the convenience of live honeypot distros wasnt enough, newer honeynet

projects have also made the older command line tools much easier to use.For instance, Project Novaadds a GUI, and many additional capabilities,to the trusty and popular Honeyd project. Nova makes Honeyd much moreapproachable to the average IT guy, making it dead simple for you todeploy a simple production honeynet in even the smallest organization.

Better yet, Nova comes preinstalled in distros like ADHD, so all you haveto do is boot ADHD, start Nova, and you are ready to experiment.

With all these easy and free options, theres little excuse not to at least try ahoneypot. I suggest starting with the combination I mentioned above. Use

theADHD ISOto create either a bootable USB drive or virtual machine,spin it up, and give Nova a try. When you first boot ADHD, youll see aUsage documentation link on your desktop. Double-clicking it will bring upa file that shares all the information you need to know to get started withsome of the honeypot packages, including Nova. Or just refer to this guideon how to get Nova started.

If you run Nova with its default settings, it sets up three fake honeypotmachinesa Linux server, Windows Server, and BSD Serverand itmonitors them for network connections. These basic honeypots act likethose canaries in coal mines, warning you o f dangerous activity. If Nova

sees unusual connections to these machines, you know someone might besnooping around your network. Nova will also monitor for other types ofattack traffic too, and warn you when it finds any IP addresses that actsuspiciously.

Once you set up this simple honeynet, all you have to do is occasionally

monitor it for weird activity. However, after seeing what this simple setupcan do, you might find youre intrigued by the capabilities of honeypots. Ifso, theres a lot you can explore in ADHD and Nova. For example, ratherthan sticking with Novas default setup, you can add a bunch of fake nodes

that emulate your actual server setup. You can also explore the other typesof honeypots ADHD provides, such the web application honeypot,Weblabyrinth, or file system honeypots like Artillery.

Whether or not you deeply explore all the available honeypots is up to you,

but you really should consider installing at least a basic one. All the bigpublic data breaches over the past few years have shown us that wellnever have impermeable defenses. No matter how many walls you buildaround your information, attackers will find weakness, and you data will leakout. Thats why honeypots can play a crucial role in your organizationssecurity strategy as the digital canary warning you before impending

disaster.

Prev. page 1

Corey Nachreiner honeypots tips

2

Weekly newsletter

Reading our newsletter every Monday will keep you

up-to-date with security news.

Email @ Address

Spotlight

Daily digest

Receive a daily digest of the latest security news.

Email @ Address

Have I been hacked? The indi cators

that suggest you have

Lets take a look at some of the top IOCs that your network

has been breached by an attacker and how you can

leverage them to detect irregularities in your system.

1 2 3 4 5

DON'TMISSWed, Jan 13th

At tackers use SQL

injection to

manipulate search

engine rankings

The danger of terror

attacks usin g

drones

Goog le researcher

finds critical flaws

in Trend Micro AV

solution

Have I been

hacked? The

indicators that

suggest you have

Juniper to kill off

Dual_EC RNG in

ScreenOS

Search Help Net Security

y every security-conscious organization needs a honeypot http://www.net-security.org/article.php?id=2110&p=2

2 13.1.2016. 14:21

7/25/2019 Why Every Security-conscious Organization Needs a Honeypot

2/2

COPYRIGHT 1998-2016 BY HELP NET SECURITY. // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //

y every security-conscious organization needs a honeypot http://www.net-security.org/article.php?id=2110&p=2

2 13.1.2016. 14:21