-
July 6th, 2007, 04:17 PM
#1
Junior Member
Newbie question on honeynets
I am currently interning at a rather large company in their computer security department and the task they gave me is to set up a honeynet. We have a switch network, so my question is: Do I have to deploy a honeynet for each switch to monitor the whole network or will one work? Thanks for any help you can provide.
-
July 6th, 2007, 04:22 PM
#2
Originally Posted by gloomis2
Do I have to deploy a honeynet for each switch to monitor the whole network or will one work?
Asking this question actually indicates that you have no idea as to what a honeynet/honeypot really is..
Have fun reading:
http://www.honeynet.org/
Oliver's Law:
Experience is something you don't get until just after you need it.
-
July 6th, 2007, 04:27 PM
#3
That's why he came to a security forum and titled it "a newbie question".
-
July 6th, 2007, 04:32 PM
#4
Junior Member
My question is would I be substantially more successful at detecting any kind of malware or intrusion by setting up honeynets on different parts of the network or will one on one end of the switch be sufficient?
-
July 6th, 2007, 04:41 PM
#5
I believe you're looking for more of an IDS/IPS system rather than a honeypot. Check out hanging a snort sensor off the main switch.
Cheers:
-
July 8th, 2007, 10:58 PM
#6
He was asked to set up a honey pot though!
-
July 9th, 2007, 12:15 PM
#7
Setting up a honeypot and not knowing how it works can really backfire on you... Suppose your honeypot gets cracked.. That's why it's there in the first place.. Then suppose "they" start using your honeypot to attack the rest of your network..
I agree with DjM.. You need one or more IDS'es, not honeypots. They're definitely not the same..
-
July 9th, 2007, 12:18 PM
#8
I am currently interning at a rather large company in their computer security department and the task they gave me is to set up a honeynet.
But he has to set up a honeypot.
-
July 9th, 2007, 12:29 PM
#9
Yes, but his superiors don't know sh*t about what they're asking and setting one up on your network can really, really, really backfire...
My question is would I be substantially more successful at detecting any kind of malware or intrusion by setting up honeynets on different parts of the network or will one on one end of the switch be sufficient?
So, reading between the lines, they (his superiors) want to detect intrusions and/or malware. Perfect job for an IDS.
-
July 9th, 2007, 12:32 PM
#10
Yeah I do agree with you that a honeypot is not the best solution, but since he is just doing an internship - I'd say they are just getting him to set up a honeypot as an exercise and would severely doubt that they would allow an intern to set up a honey pot that would actually be deployed on a live network.
Perhaps it is just an exercise to allow him to demonstrate his ability.
Being realistic, and no offence to the original poster, what sort of company would allow an intern (no matter how good) to set up a live honeypot??