                                +-+-+-+-+-+-+-+-+
                                |O|u|t|b|r|e|a|k|
                                +-+-+-+-+-+-+-+-+
                             Issue #2 - Page 1 of 12 


		       --=Honeynets: A Simple Overview=--
                                 
                                  -by `Enigma-


--------------------------------
1. What the hell is a honeynet?
--------------------------------

let me first explain what a honeynet is for those of you that don't know. a 
honeynet is a network that is designed to be broken into. this network of computers 
is wired with sensors to monitor the actions of intruders. it is then put up on 
the internet, giving it an appealing name and alluring content. when hackers break 
into the network their actions are recorded: how they break in, when they are 
successful, and what they do when they succeed.  

--------------------------------
2. Layers of Security
--------------------------------

the most important thing when constructing a honeynet is layers. layers of 
security are vital when it comes to analyzing an attack on your honeynet. you 
need to anticipate failure on your honeypots. therefore by having multiple 
security layers built into your architecture you solve the problem of single 
layer failure. failures include firewalls not warning you of suspicious traffic,
syslog failure (sending or receiving system logs), and DNS not resolving. you would 
be surprised at what will go wrong.

--------------------------------
3. Selecting Your Hardware
--------------------------------

one of the nice things about setting up a honeynet is that the systems you use 
don't have to be geared towards performance. for example i used old pentiums 
with 64MB of RAM, and some old sparc5 boxes. for the internet connection use 
whatever you have available.

--------------------------------
4. What OS should I use?
--------------------------------

the choice of operating systems on your boxes is entirely up to you. i recommend using 
default installations of RedHat and/or NT 4.0 running IIS webserver. if you want to
use solaris, end user package 2.6 (unpatched) should work well. it is a good idea 
to use easily exploitable versions of operating systems. default installations are 
a good idea in most cases, as they are the least secure. remember these systems are
designed to be compromised, but don't make this obvious to the intruder. the idea is
to keep the intruder's attention without scaring him off. as for keeping their attention, 
turn your network into some sort of classified NSA project. use your imagination.

--------------------------------
5. In order to learn you must...
--------------------------------

regular maintenance of your honeypots is vitally important. you can't just set 
up your network and leave it expecting to learn. you must regularly check logs 
for signs of an attack. you never know when or how your systems will be compromised,
but they will. i guarantee you will capture some interesting activity.
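
one way to combine the layered logging from section 2 with the regular log checks above is to compare two layers against each other, so that a silent layer shows up as a gap. this is an added example, not code from the original article; the log format, host names and the 5 minute window are assumptions, and the sample log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data, one event per line: "<ISO time> <honeypot> <event>".
# Host names and the log format are hypothetical.
FIREWALL_LOG = """\
2001-03-01T02:10:05 hp-redhat inbound tcp/21
2001-03-01T02:14:40 hp-nt4 inbound tcp/80
2001-03-01T02:30:12 hp-sparc inbound tcp/23
"""
SYSLOG_LOG = """\
2001-03-01T02:10:07 hp-redhat ftpd: connection opened
2001-03-01T02:31:00 hp-sparc login: session opened
2001-03-01T03:05:44 hp-solaris login: session opened
"""

def parse(text):
    """Return {host: [datetime, ...]} from '<time> <host> <rest>' lines."""
    seen = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 2:
            continue  # skip blank or truncated lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines without a parseable timestamp
        seen.setdefault(parts[1], []).append(ts)
    return seen

def unmatched(primary, other, window):
    """Events in `primary` with no same-host event in `other` within `window`."""
    gaps = []
    for host, times in primary.items():
        for ts in times:
            if not any(abs(ts - o) <= window for o in other.get(host, [])):
                gaps.append((host, ts.isoformat()))
    return sorted(gaps)

def cross_check(firewall_text, syslog_text, window=timedelta(minutes=5)):
    """Compare the firewall layer with the syslog layer and report gaps."""
    fw, sl = parse(firewall_text), parse(syslog_text)
    return {
        # firewall saw traffic but the honeypot logged nothing: check syslog
        "syslog_silent": unmatched(fw, sl, window),
        # honeypot logged activity the firewall never recorded: check firewall
        "firewall_silent": unmatched(sl, fw, window),
    }

if __name__ == "__main__":
    for layer, gaps in cross_check(FIREWALL_LOG, SYSLOG_LOG).items():
        print(layer, gaps)
```
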

--------------------------------
6. Closing
--------------------------------

in closing let me say that you can't go about this project half assed. so if you
just want to set a honeynet to fuck with some script kiddies please disregard 
everything you just read. constant monitoring of your systems is required for a 
successful learning experience. so have fun!

for further reading on honeynets i recommend the book "Know Your Enemy: Revealing the 
security tools, tactics and motives of the blackhat community."
