20.1 Motivation

The trend toward deploying honeypots for network protection is just beginning. Live traffic redirection (a.k.a. bait-and-switch), shield honeypots, and other techniques are in their infancy. The most common motivation for deploying a honeypot or a honeynet is research. Learning about attackers (even if they are just script kiddies, as in most cases of Internet-exposed honeypots) and their tools and techniques is not for everyone. However, it is extremely useful for increasing security awareness, training, and tuning security tools.

The research motivation applies to honeypots exposed to public networks. On the inside, a honeypot provides great value by becoming an "IDS with no false positives" and protecting select valuable resources on the network and hosts. Creating bogus database records, files, and other attractive information and monitoring access to them is a good way to thwart some of the most expensive kinds of network abuse and intellectual-property theft. While research is the most important application of honeypots, the protection aspect (for both inside and outside) is increasing in importance.

The next section covers the detailed procedure for building a research honeynet. We guide the reader through the steps of building a Linux-based honeynet. We describe a setup consisting of three hosts: a victim host, a firewall, and an intrusion detection system. The setup shown in Figure 20-1 is run by one of the authors as a part of the Honeynet Research Alliance (http://www.honeynet.org/alliance/index.html).

Figure 20-1. Sample honeynet


Security Warrior
ISBN: 0596005458
Year: 2004
Pages: 211