Newbee question on honeynets
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Newbee question on honeynets

  1. #1
    Junior Member
    Join Date
    Jul 2007
    Posts
    2

    Newbee question on honeynets

    I am currently interning at a rather large company in there computer security department and the task they gave me is to set up a honeynet. We have a switch network, so my question is: Do I have to deploy a honeynet for each switch to monitor the whole network or will one work? Thanks for any help you can provide.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Quote Originally Posted by gloomis2
    Do I have to deploy a honeynet for each switch to monitor the whole network or will one work?
    Asking this question actually indicates that you have no idea as to what a honeynet/honeypot really is..

    Have fun reading:

    http://www.honeynet.org/
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    That's why he came to a security forum and titled it "a newbie question".

  4. #4
    Junior Member
    Join Date
    Jul 2007
    Posts
    2
    My question is would I be substantially more successful at detecting any kind of malware or intrusion by setting up honeynets on different parts of the network or will one one end of the switch be sufficient?

  5. #5
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    I believe your looking for more of a IDS/IPS system rather than a honeypot. Check out hanging a snort sensor off the main switch.

    Cheers:
    DjM

  6. #6
    Senior Member WolfeTone's Avatar
    Join Date
    Jun 2007
    Location
    Ireland
    Posts
    197
    He was aked to set up a honey pot though!

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Setting up a honeypot and not knowing how it works can really backfire on you... Suppose your honeypot gets cracked.. That's why it's there in the first place.. Then suppose "they" start using your honeypot to attack the rest of your network..

    I agree with DjM.. You need one or more IDS'es, not honeypots. They're definitely not the same..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Senior Member WolfeTone's Avatar
    Join Date
    Jun 2007
    Location
    Ireland
    Posts
    197
    I am currently interning at a rather large company in there computer security department and the task they gave me is to set up a honeynet.
    But he has to set up a honeypot.

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Yes, but his superiors don't know sh*t about what they're asking and setting one up on your network can really, really, really backfire...
    My question is would I be substantially more successful at detecting any kind of malware or intrusion by setting up honeynets on different parts of the network or will one one end of the switch be sufficient?
    So, reading between the lines, they (his superiors) want to detect intrusions and/or malware. Perfect job for an IDS.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  10. #10
    Senior Member WolfeTone's Avatar
    Join Date
    Jun 2007
    Location
    Ireland
    Posts
    197
    Yeah I do agree with you that a honeypot is not the best solution, but since he is just doing an internship - I'd say they are just getting him to set up a honeypot as an exercise and would severely doubt that they would allow an intern to set up a honey pot that would actually be deployed on a live network.

    Perhaps it is just an exercise to allow him to demonstrate his ability.

    Been realistic, and no offence to the original poster, what sort of company would allow an intern (no matter how good) to set up a live honeypot??

Similar Threads

  1. Yahoo email account comprimised by secret question
    By dolemite in forum Web Security
    Replies: 8
    Last Post: June 14th, 2004, 11:14 PM
  2. Question Time
    By jm459 in forum Tech Humor
    Replies: 1
    Last Post: April 14th, 2004, 01:41 PM
  3. Maximum performance question
    By Fasheezy in forum Hardware
    Replies: 5
    Last Post: February 5th, 2004, 03:25 PM
  4. Test Your General Linux Knowledge
    By smirc in forum AntiOnline's General Chit Chat
    Replies: 6
    Last Post: May 13th, 2002, 04:35 PM
  5. Test Your Knowledge of Redhat?
    By smirc in forum AntiOnline's General Chit Chat
    Replies: 3
    Last Post: May 13th, 2002, 03:24 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •