Purpose of a Honeynet
A honeynet exists to attract crackers from the blackhat community. It is not announced like “Hey, I’m a honeynet! Please crack me and get trapped”. No, it is just there, waiting to be discovered by a cracker who scans the network. The primary purpose is to gather information about existing threats and to study how the blackhat community works and which tools it uses to gain control of a system. Attack patterns can also be captured and worms isolated. The cracker should not be aware of being observed, so all logging facilities are protected as well as possible.
Who should run a Honeynet?
Anyone who is interested in security and in defeating the blackhat community, who wants to analyze new software exploits (probably in their own server products), and who has the network range, time and capacity to set up a honeynet and observe what happens. Analyzing attacks is very time consuming.
For further and much more detailed information, please refer to the whitepapers on the Honeynet Project website.
The Honeynet Project is part of the global research effort to study the tools and techniques of attackers.
Our ideas and methods are derived from the original work of the Honeynet Project.
What is a Honeynet?
A honeynet is a network consisting of several different computers running different operating systems and software. That is nothing special so far, you may think, but these points make a honeynet different from the networks you know:
- The systems in a honeynet are various standard unprotected operating systems and software with the latest known patches.
- It is a non-productive network and therefore any traffic between the Internet and our honeynet is suspect by nature.
- All network traffic is logged and archived so that one can trace back the steps after a system has been compromised.
- Every target operating system (honeypot) is monitored by a host intrusion detection system so that one can trace back which files the cracker modified.
- The firewall between the honeynet and the Internet is not there to protect the honeynet from the Internet. It is there to protect the Internet from a compromised system in the honeynet, so that no other computers can be attacked from it.
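The points above translate into a simple triage rule for the archived traffic log. The following is an added example, not code from this page or from the Honeynet Project: it assumes a honeynet range of 192.0.2.0/28, a constructed log with one new connection per line, and it treats any connection initiated by a honeypot as a sign of compromise.

```python
import ipaddress
from collections import defaultdict

# Assumption: the honeynet occupies this range (RFC 5737 documentation addresses).
HONEYNET = ipaddress.ip_network("192.0.2.0/28")

# Constructed sample log, one new connection per line:
# <timestamp> <src_ip> <dst_ip> <proto> <dst_port>
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 198.51.100.7 192.0.2.3 tcp 22
2024-01-01T10:00:02Z 198.51.100.7 192.0.2.4 tcp 22
2024-01-01T10:05:40Z 203.0.113.9 192.0.2.3 tcp 80
2024-01-01T10:07:12Z 192.0.2.3 203.0.113.50 tcp 6667
2024-01-01T10:07:15Z 192.0.2.3 192.0.2.4 tcp 445
not a log line
"""

def classify(src, dst):
    """Return the direction of a connection relative to the honeynet."""
    src_in = ipaddress.ip_address(src) in HONEYNET
    dst_in = ipaddress.ip_address(dst) in HONEYNET
    if src_in and dst_in:
        return "lateral"      # honeypot to honeypot
    if src_in:
        return "outbound"     # honeypot to Internet
    if dst_in:
        return "inbound"      # Internet to honeypot
    return "unrelated"

def triage(log_text):
    """Group log lines by direction; malformed lines are counted, not hidden."""
    report = {"inbound": defaultdict(set), "outbound": [], "lateral": [],
              "unrelated": 0, "skipped": 0}
    for line in log_text.splitlines():
        try:
            ts, src, dst, proto, port = line.split()
            kind, port = classify(src, dst), int(port)
        except ValueError:    # wrong field count, bad address or bad port
            report["skipped"] += 1
            continue
        if kind == "inbound":
            report["inbound"][src].add((dst, port))
        elif kind == "unrelated":
            report["unrelated"] += 1
        else:
            report[kind].append((ts, src, dst, proto, port))
    return report

def suspected_compromised(report):
    """Honeypots that initiated connections themselves."""
    return sorted({rec[1] for rec in report["outbound"] + report["lateral"]})
```

Every inbound source is recorded because the network is non-productive, and a source that touches several honeypots on the same port stands out as a scan.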