-
March 19th, 2004, 11:46 PM
#1
Honeywall: CDRom Bootable Honeypot!
I got a note via one of the SecurityFocus lists asking about wanting to beta test the Honeynet Project's new toy: The Honeywall. Apparently this will be a bootable CD-ROM honeypot, a pre-fab and preconfigured kind of concept. I found this PowerPoint Slide Presentation that talks about it.
Anyone else know anything more about the project?
-
March 20th, 2004, 08:57 PM
#2
The Honeywall is a bootable CD, which boots into a preinstalled and preconfigured build of Linux. It acts as a gateway to a network of computers, each of which will function as a Honeypot. All the technologies required to capture and control data passing through the Honeywall have been pre-installed and are easily configured through an intuitive menu system. IPTables is used for data control, while Snort is used for data capture. All software deployed is open-source and as such, the only cost required in building your own honeynet is the hardware and the honeypot operating systems. But what is more important and what was the initial goal of the project is that the tool allows honeynet technology to be deployable in a standardised form that is simple to configure and easy to use. With the use of Honeywalls, organisations will be able to deploy their own honeynets to help observe malicious activity within their organisations, a regular but until now un-monitored occurrence.
http://www.mii.ie/msd/general_views_....asp?recID=123
It follows GenII guidelines http://www.linuxvoodoo.com/resources/security/gen2/
Can't find an ISO, but it looks like you could basically build it yourself with the Sebek tools. http://project.honeynet.org/tools/sebek/
"Ignorance is bliss....
but only for your enemy"
-- souleman
-
March 20th, 2004, 09:05 PM
#3
Actually, I just got the following email on the list:
One of the goals of the Project (PhaseIII) is to release a bootable Honeywall CDROM to the community:
( http://www.honeynet.org/misc/project.html).
This implementation allows the user to easily deploy a Honeynet without having to worry about putting all the right pieces together to enable the data capture and data control requirements for a Honeynet. Instead, the user can focus their time and energy in deploying/analyzing the honeypots that reside behind the honeywall.
We hope to have the image publicly available by the end of April or early May in the form of a beta release.
So it's coming soon.
-
March 22nd, 2004, 04:33 PM
#4
Where are the logs kept? Network Drive? USB Key (Size??)?
-
March 22nd, 2004, 08:32 PM
#5
I believe the logs are kept on a Sebek server.
It has two components. The first is a client that runs on the honeypots; its purpose is to capture all of the attacker's activities (keystrokes, file uploads, passwords) then covertly send the data to the server. The second component is the server, which collects the data from the honeypots. The server normally runs on the Honeywall gateway.
http://project.honeynet.org/tools/sebek/sebek_intro.png is the Sebek architecture.
"Ignorance is bliss....
but only for your enemy"
-- souleman
-
March 22nd, 2004, 08:54 PM
#6
This sounds useful indeed.
Trappedagainbyperfectlogic.
-
May 13th, 2004, 09:46 AM
#7
Update... The CD has been released:
The Honeynet Project is excited to announce the beta release of the Honeywall CDROM. This is a bootable CDROM that contains all the tools and functionality needed to operate a honeywall, including data control, data capture and automated alerting. The CDROM is based on William Salusky's FIRE and is designed to act as an appliance: only those tools necessary to run the Honeywall are included on the CDROM. The CDROM has a menu interface for faster installation, configuration, and maintenance; it also has advanced features that allow users to create customized .iso images. In addition, we are releasing the paper "Know Your Enemy: Honeywall CDROM." This KYE paper is an overview of the CDROM, how it works and is configured, issues and limitations, and several deployment examples.
NOTE: This CDROM is considered beta. This means the odds of this CDROM image having bugs or other issues are extremely high. Please submit any problems you have to our bugserver, https://bugs.honeynet.org. Also, since this CDROM automates the process of deploying honeynets, it's that much easier to shoot yourself in the foot. Be sure you read all documentation and understand the concepts and risks of honeynets before deploying one of these (you have been warned).
The Honeywall CDROM homepage http://www.honeynet.org/tools/cdrom
KYE: The Honeywall CDROM http://www.honeynet.org/papers/cdrom