Honeypots mailing list archives
Re: Gen I or Gen II
From: Richard Stevens <mail () richardstevens de>
Date: Sat, 8 Feb 2003 18:53:30 +0100
On Saturday 08 February 2003 18:18, george chamales wrote:

> What is the topic of your thesis and what sort of information are you looking to gather? More specific information would help everyone better answer your question.

Basically in my thesis I'd like to relate the cost, value and risk involved with setting up a research honeynet. I have found a corporate partner who is sponsoring the effort. It's an ISP and telephone service provider. They'll provide me with some hardware, space to put the machines, network connectivity and some manpower in case I have problems or questions.

There is no final decision on the types of honeypots yet, but there will be some systems similar to systems they have in production right now and a sensor for a new intrusion detection system that is going into production soon. Besides the obvious, checking out those systems in a very controlled environment, I'm interested in what information can be gained with such a setup, how much it costs to set up and maintain, and what the risks involved are. That means that the honeynet itself is not really set up and configured to see, find or analyze a certain threat or type of threat, but it should allow detection and analysis of a broad range of attacks/threats to get a better measurement of the potential value.

I believe such a setup could be very interesting for ISPs, since it can provide an early warning facility, a means to analyze certain threats after they happened with pure data without having to wade through the main firewall and IDS logs, and potentially even more.

Right now I'm in the planning stage and the result should be the outside frame with data control, data capture and alert mechanisms in place. By the time that stage is completed, I'll probably have final decisions about the honeypots that are supposed to go in. Once I know the systems, I can plan the modifications needed to gain as much information as possible from the honeypots.

The IDS sensor is for now just supposed to run along, mainly to compare the results between the findings of the honeynet infrastructure and that sensor. I'm not quite sure about the way that thing works yet, so maybe there is something else one can do with it, for example check for attacks against the sensor and see how it reacts.

I hope this gives a better overview of the goals and plans.

Richard