Honeypot Design Tenets

skip navigation

honeypots for windows
Chapter 2 - A Honeypot Deployment Plan
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

No matter what type of honeypot system you deploy or where you place it, some common principles apply. Chapter 1 talked about the importance of data control and data capture. Data control is making sure the compromised honeypot is not used to attack other legitimate resources. Data capture is recording everything the hacker does. In these definitions are other implicit objectives:

  • Store collected data remotely. You want to store as much evidence as you can remotely. If it is stored locally, the hacker can find it and erase it.

  • Don’t let hackers discover your monitoring devices. If your monitoring tools are discovered, the hackers could disable them, delete the collected data, or just avoid the honeypot.

  • A honeypot should strive to look like a production asset.

  • Your honeypot system should be designed to prevent a compromise to the production network. This means that the hacker should never have access to legitimate data, systems, or user accounts.

Remember these underlying honeypot system tenets when designing your solution.

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

Similar book on Amazon
Honeypots: Tracking Hackers
Honeypots: Tracking Hackers
Know Your Enemy: Learning about Security Threats (2nd Edition)
Know Your Enemy: Learning about Security Threats (2nd Edition)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net