Security Basics mailing list archives
recommended honeynet configuration
From: "steve" <securityfocus () delahunty com>
Date: Fri, 2 Jul 2004 14:39:29 -0400
Have a project where we are able to set up a honeynet in order to learn from the damage/results. We have hardware and network connectivity apart from our regular production network. I think it would be interesting to maybe set up a few machines on the honeynet, running various OSes and web servers such as:

Windows NT / IIS 4
Windows 2000 / IIS 5
Windows 2003 / IIS 6
FreeBSD / Apache

I guess to make this a true honeynet we should do the base installs of each OS and not patch them.

We need a firewall to restrict outbound but allow inbound to the open ports.
We need to log events while keeping intruders from knowing they are being monitored.
We need to analyze the data.

Is the hardware above the right mix?
Should we have other services running like SMTP and FTP?
Should we add other hardware like a router to be exploited?
Has anyone run such a project and have recommendations / lessons learned?
How to best save off the logs for review to determine impact?

What does the group think? Here is an interesting presentation I found on the topic.
http://cis.tamu.edu/security/microsoft/ISF_01_30_02.ppt