THE EVOLUTION OF THE HONEYPOT

Maximum PC - - R&D -

Honeypots have evolved from the defunct Nepenthes through its replacement, Dionaea (https://dionaea.readthedocs.io). The resource information provided on the GitHub link (https://github.com/paralax/awesome-honeypots#honeyd) is testament to the evolution of the tech, and what it's capable of providing.

With the evolution of honeypots (collectors), management and logging of the data became important. Modern Honey Network (MHN) (https://github.com/threatstream/mhn) is a centralized server for deploying collectors, gathering their data, and providing a web interface for management.

In 2001, the Internet Storm Center (ISC) was created following the detection, analysis, and widespread warning of the Li0n worm. The ISC provides warning services and works to combat malicious attackers by supporting a distributed detection system called DShield (https://secure.dshield.org/about.html). DShield collects data about malicious activity from across the Internet. The service is free, sponsored by the SANS Institute for the benefit of all Internet users. The public can register to share data from their firewalls or intrusion detection systems. Registration is encouraged, but not required. The data is cataloged and summarized, and can be used to discover trends in activity, confirm attacks, or assist in making better firewall rules.
