Home > Articles > Security > General Security and Privacy

  • Print
  • + Share This
This chapter is from the book

Honeynets

A Honeynet is different from the honeypot solutions we have discussed so far. The Honeynet is a tool for research; it is a network specifically designed for the purpose of being compromised by the blackhat community. Once compromised, the Honeynet can be used to learn the tools, tactics, and motives of the blackhat community. The two biggest differences between honeypots and our Honeynet solutions are as follows.

  • A Honeynet is not a single system but a network. This network sits behind a firewall where all inbound and outbound data is contained, captured, and controlled. This captured information is then analyzed to gain intelligence about our adversary. Within this Honeynet, we can place any type of system to be used as a honeypot, such as Solaris, Linux, Windows NT, Cisco switch, and so on. This creates a network environment that has a more realistic "feel" to it for the intruder. Also, by having different systems with different services, such as a Linux DNS, a Windows NT Web server, or a Solaris FTP server, we can learn about different tools and tactics. Perhaps certain blackhats with specific techniques or motivations target specific systems or vulnerabilities. By having numerous systems, we are more likely to discover these differences.

  • All systems placed within the Honeynet are standard production systems. These are real systems and applications, the same as you find on the Internet. Nothing is emulated. Nor is anything done to make the systems less secure. We can learn a great deal from using such systems. The risks and vulnerabilities discovered within a Honeynet are the same that exist in many organizations today. Additionally, a Honeynet can be as dynamic and flexible as your own organization.

The Honeynet's use of production systems makes it unique. Nothing is emulated, allowing you to use the same systems and applications found in your organization. Figure 2-2 shows a Honeynet. Each honeypot is a production system, mirroring the same builds that an organization would find on its internal network.

Figure 2-2 A Honeynet

  • + Share This
  • 🔖 Save To Your Account