Educause Security Discussion mailing list archives
Re: Honeypot policy
From: Jeff Kell <jeff-kell () UTC EDU>
Date: Sun, 19 Jan 2014 22:05:25 -0500
On 1/19/2014 7:50 PM, John C. A. Bambenek, GCIH, CISSP wrote:
> I am grappling with security policy concerns with having honeypots on a campus network (DMZ). This is for research and a security class. Do you allow these on your campus networks or require them on external provider/ISPs? If on campus, how did you deal with the policy issues?

Our network security group operates several such hosts, as well as a "Darknet" space, which are within our public IP space, but internally isolated from the campus network.

We also have a lab setup for what used to be the Advanced Network Security lab (we call it the "virus lab"), which is used by a couple of classes/instructors. It is on an isolated VRF to separate it from the campus network, it is then tunneled to our border, and operates on a separate IP block from one of our commodity providers. It is essentially unfiltered (bypasses our ACLs, IPS, and other protections), but restricted to commodity IPv4 access (no Internet2, etc).

Jeff