Pooh Bear – Honeynet Project
My Honeynet /Honeypot Project & Research
What is a honeynet/honeypot? Besides being a title that never fails to remind me of Winnie the Pooh, it is a security trap. In simple terms, it’s a decoy. It looks and smells like a computer attached to a normal network, vulnerable and open for an attack. But what it really is, is a computer specifically setup like a labyrinth -separate from any valuable information but looks appealing enough, specifically created just to waste an attackers time or to buy a security person enough time to track the attacker down. Well that’s not entirely fair, some organizations use honeynets to distract an attacker from a real network but in terms of info security, it’s used to test network attacks in the wild (in the real world). Sounds like a safari, no? It’s sneaky, it’s okay to admit that, but isn’t that part of the beauty of it?
For more details, please see Symantec’s view on the value of honeypots. Or for an detailed example of one particular honeypot project, please read “The Cuckoo’s Egg” by Clifford Stoll. His book details his experience of a computer hacker who broke into a computer in his Lab at Berkeley and his attempt at tracking down the attacker. Please note, his manhunt spanned over a year and his book is very detailed (he kept a journal). So if you aren’t a tech savvy person, you may want to skim the technical chapters.
The below are different (don’t be confused by the similar titles/web addresses, they are separate research groups.) honeynet and honeypot educational research projects. These pure to low-interaction honeypot projects set up educational challenges based on honeynets set up in ‘the wild’ and have published those results. Based on experience, we are able to monitor potential threats and see how an attack can and does evolve.
Below I have listed specific challenges I am working on:
My objective is to study known attack patterns and use educational tutorials, challenges, and published papers to familiarize myself with the process of setting up, using, and monitoring a honeynet or honeypot.
Project Timeline: TBD
Summary Report: In Progress
I am currently working on finding a suitable server who’s main objective will be to house the honeynet/honeypot. I will be researching safe ways of doing this without compromising the network or other systems.
My day to day updates will be at my blog – Pooh Bear Honeynet