They have multiple uses, such as prevention, detection, or information gathering.
Classification of Honeypots 1.Production Honeypots Those used to protect organizations in real production operating environments. 2.Research Honeypots. They represent educational resources of demonstrative and research nature whose objective is centered towards studying all sorts of attack patterns and threats.
NETWORK WIRING MECHANISMS Figure 1 Figure 1 - Honey net with one honey pot and management host using a shared network
All cables shown as green are standard twisted pair cables.
2 Hubs or switches are used to connect interfaces together, along with 5 cables.
The management host only needs to have one network interface.
Figure 2 Figure 2 - Honey net with two honeypots and management host using a shared network
The above figure extends the design to include multiple honeypots off the internal interface of the honey wall.
This design, while simple and easy to understand, also has some serious security implications on the outside of the honey wall.
Figure 3 Figure 3 - Honey net with one honey pot and management host and direct connections
All cables shown in green are standard twisted pair cables.
All cables shown in red are cross-over twisted pair cables.
Cross-over cables eliminate the need to use hubs or switches to connect two 10 Base- t interfaces together.
Figure 4 Fig: Honey net with two honeypots on a shared network and management host using a direct connection
The main benefit to these last two configurations is that communication between the honey wall and the management host is entirely segregated (and thus hidden) from the shared network on the left.
They are designed to capture anything that interacts with them, including tools or tactics never seen before.
This means that resources can be minimum and still enough to operate a powerful platform to operate at full scale.
A computer running with a Pentium Processor with 128 Mb of RAM can easily handle an entire network.
They can only scan and capture activity destined to interact directly with them.
They do not capture information related to attacks destined towards neighboring systems
Inherently, the use of any security technology implies a potential risk. Honeypots are no different because they are also subject to risks.
The future plans are to make the Honey net deployment and management easy.
In next phase the Honey net Project would be releasing a bootable CDROM that will boot into a Honey net gateway or Honey wall.
The bootable gateway would have all the Data Control and Data Capture mechanisms as defined above.
Honeypots have tremendous potential for the security community, and they can accomplish goals few other technologies can.
Like any new technology, they have some challenges to overcome.
Most likely none of these problems will ever be completely solved or eliminated.
However, expect to see in the next 12 to 18 months many new developments that help address these, and other issues.
ANY QUIRIES…? For Documentation and Downloads Visit