Why Every Security-conscious Organization Needs a Honeypot
7/25/2019 Why Every Security-conscious Organization Needs a Honeypot
Why every security-conscious organization needs a honeypot
by Corey Nachreiner - WatchGuard's Director of Security Strategy and Research - Wednesday, 27 August 2014.
If the convenience of live honeypot distros wasn't enough, newer honeynet projects have also made the older command line tools much easier to use. For instance, Project Nova adds a GUI, and many additional capabilities, to the trusty and popular Honeyd project. Nova makes Honeyd much more approachable to the average IT guy, making it dead simple for you to deploy a simple production honeynet in even the smallest organization. Better yet, Nova comes preinstalled in distros like ADHD, so all you have to do is boot ADHD, start Nova, and you are ready to experiment.
With all these easy and free options, there's little excuse not to at least try a honeypot. I suggest starting with the combination I mentioned above. Use the ADHD ISO to create either a bootable USB drive or virtual machine, spin it up, and give Nova a try. When you first boot ADHD, you'll see a Usage documentation link on your desktop. Double-clicking it will bring up a file that shares all the information you need to know to get started with some of the honeypot packages, including Nova. Or just refer to this guide on how to get Nova started.
If you run Nova with its default settings, it sets up three fake honeypot machines (a Linux server, Windows Server, and BSD Server) and it monitors them for network connections. These basic honeypots act like those canaries in coal mines, warning you of dangerous activity. If Nova sees unusual connections to these machines, you know someone might be snooping around your network. Nova will also monitor for other types of attack traffic, and warn you when it finds any IP addresses that act suspiciously.
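
The canary idea above, as an added example (not Nova's code and not part of the original article): no legitimate host has a reason to talk to a decoy, so any connection to one is worth an alert. The decoy addresses, the allowlisted scanner and the log format below are assumptions, and the log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Assumed decoy addresses, one per default honeypot role described above.
DECOYS = {"10.0.0.201": "linux-server", "10.0.0.202": "windows-server",
          "10.0.0.203": "bsd-server"}
# Hosts expected to touch every address (e.g. an authorised vulnerability scanner).
ALLOWLIST = {"10.0.0.10"}

# Constructed sample records: "<timestamp> <src>:<sport> -> <dst>:<dport> <proto>"
SAMPLE_LOG = """\
2014-08-27T09:00:01Z 10.0.0.10:40000 -> 10.0.0.201:22 tcp
2014-08-27T09:14:37Z 10.0.0.57:51512 -> 10.0.0.25:443 tcp
2014-08-27T09:15:02Z 10.0.0.57:51530 -> 10.0.0.202:445 tcp
2014-08-27T09:15:03Z 10.0.0.57:51531 -> 10.0.0.201:22 tcp
2014-08-27T09:15:03Z 10.0.0.57:51532 -> 10.0.0.203:22 tcp
garbled line that should be skipped
2014-08-27T11:42:10Z 10.0.0.88:49822 -> 10.0.0.202:3389 tcp
"""

LINE = re.compile(r"^(\S+) (\d+(?:\.\d+){3}):\d+ -> (\d+(?:\.\d+){3}):(\d+) (\w+)$")

def decoy_alerts(log_text, decoys=DECOYS, allowlist=ALLOWLIST):
    """Return one alert per source that connected to any decoy address."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore malformed records instead of crashing
        ts, src, dst, dport, proto = m.groups()
        if dst in decoys and src not in allowlist:
            hits[src].append((ts, decoys[dst], f"{proto}/{dport}"))
    alerts = []
    for src, events in sorted(hits.items()):
        touched = sorted({name for _, name, _ in events})
        alerts.append({
            "source": src,
            "first_seen": min(ts for ts, _, _ in events),
            "decoys": touched,
            "services": sorted({svc for _, _, svc in events}),
            # Several decoys from one source looks like a sweep, not a typo.
            "kind": "sweep" if len(touched) > 1 else "single-probe",
        })
    return alerts

if __name__ == "__main__":
    for alert in decoy_alerts(SAMPLE_LOG):
        print(alert)
```

Traffic to the real server at 10.0.0.25 never raises an alert; only contact with a decoy does, which is what keeps the false-positive rate of this kind of sensor low.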
Once you set up this simple honeynet, all you have to do is occasionally monitor it for weird activity. However, after seeing what this simple setup can do, you might find you're intrigued by the capabilities of honeypots. If so, there's a lot you can explore in ADHD and Nova. For example, rather than sticking with Nova's default setup, you can add a bunch of fake nodes that emulate your actual server setup. You can also explore the other types of honeypots ADHD provides, such as the web application honeypot, Weblabyrinth, or file system honeypots like Artillery.
Whether or not you deeply explore all the available honeypots is up to you, but you really should consider installing at least a basic one. All the big public data breaches over the past few years have shown us that we'll never have impermeable defenses. No matter how many walls you build around your information, attackers will find a weakness, and your data will leak out. That's why honeypots can play a crucial role in your organization's security strategy as the digital canary warning you before impending disaster.
Why every security-conscious organization needs a honeypot http://www.net-security.org/article.php?id=2110&p=2
2 13.1.2016. 14:21