
Friday, July 24, 2009

Honeynets

A honeynet is a network of honeypots. A honeypot is an information system resource
whose value lies in unauthorized or illicit use of that resource, i.e. a honeypot is a
resource that is intended to be compromised. As we will see, a honeynet can provide the
system administrator with intelligence about vulnerabilities and compromises within the
network.

Any type of system can be placed within the honeynet. Standard production systems
can be used on the honeynet, in order to give the hacker the look and feel of a real
system. Moreover, virtual systems can be used to emulate or simulate a number of
computer systems inside one physical system, e.g. utilizing software like VMware or
honeyd. We will address this later on more thoroughly.

As previously noted, compromised systems pose a threat to the Internet. Since
honeypots will be compromised, it is crucial to protect other systems from being attacked
by them. Therefore, a honeynet is placed behind an entity called a honeywall. The
honeywall separates the honeynet and the Internet such that all inbound and outbound
data traffic has to flow through it. The honeywall limits the amount of malicious traffic
that can leave the honeynet so that an attacker is kept from attacking other machines on
the Internet using honeynet resources. This property of a honeynet setup is called data
control. Furthermore, the honeywall logs all traffic to and from the honeypots. This
property is known as data capture.
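
The following is an added example, not code from the original post or from any honeywall product: a small model of a honeywall that applies data control as a per-honeypot budget of new outbound connections and data capture as a log of every connection. The address prefix, the limit of 3 connections per hour, and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

HONEYNET = "10.0.0."   # assumed honeypot address prefix (constructed)
OUTBOUND_LIMIT = 3     # assumed: max new outbound connections per honeypot...
WINDOW = 3600          # ...within this many seconds

class Honeywall:
    def __init__(self, limit=OUTBOUND_LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.recent = defaultdict(deque)  # honeypot IP -> times of allowed outbound connections
        self.log = []                     # data capture: every connection, allowed or dropped

    def handle(self, ts, src, dst, dport):
        """Decide on one new connection crossing the honeywall and record it."""
        outbound = src.startswith(HONEYNET)
        verdict = "ALLOW"  # inbound is always let through: honeypots are meant to be probed
        if outbound:
            seen = self.recent[src]
            while seen and ts - seen[0] >= self.window:
                seen.popleft()            # forget connections older than the window
            if len(seen) >= self.limit:
                verdict = "DROP"          # data control: outbound budget exhausted
            else:
                seen.append(ts)
        # The log entry is written regardless of the verdict.
        self.log.append((ts, "out" if outbound else "in", src, dst, dport, verdict))
        return verdict

# Constructed sample traffic: (timestamp, source, destination, destination port)
SAMPLE = [
    (0,    "198.51.100.7", "10.0.0.5", 22),    # inbound connection to a honeypot
    (60,   "10.0.0.5", "203.0.113.10", 80),    # compromised honeypot connects out
    (61,   "10.0.0.5", "203.0.113.11", 445),
    (62,   "10.0.0.5", "203.0.113.12", 445),
    (63,   "10.0.0.5", "203.0.113.13", 445),   # fourth connection in the window
    (64,   "10.0.0.6", "203.0.113.10", 80),    # a different honeypot has its own budget
    (3700, "10.0.0.5", "203.0.113.14", 445),   # window has expired, budget is fresh
]

def run_sample():
    wall = Honeywall()
    verdicts = [wall.handle(*conn) for conn in SAMPLE]
    return verdicts, wall.log

if __name__ == "__main__":
    for entry in run_sample()[1]:
        print(entry)
```

Note that the dropped connection still appears in the log: data capture is independent of the data control verdict.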
