Honeypot server?

  • Thread starter Thread starter ExAdmin
  • Start date Start date
E

ExAdmin

Has anyone ever set up a 'honeypot' server on their network? I've heard it's
good to put a server/workstation out there with zero security settings and
maximum audit logging to catch worms and hackers. I'd like to set something
like this up on my network. but not sure where to set the auditing and
logging...

any help would be great.

thanks,
Daniel
 
Ummm, if you're not sure where to set the auditing and logging, please don't
pollute the 'net with another honeypot.

It is not "good" to place an unprotected system on the Internet unless you
know precisely what you're doing, can monitor it closely, and have taken
precautions to ensure that the compromised system cannot be used to attack
other networks, including your own primary network.
 
Has anyone ever set up a 'honeypot' server on their network? I've heard it's
good to put a server/workstation out there with zero security settings and
maximum audit logging to catch worms and hackers. I'd like to set something
like this up on my network. but not sure where to set the auditing and
logging...
Click to expand...

First, don't. :)

Honeypots are nice for security auditing and planning, but pretty
useless as actual deterrents and/or traps. Unless you have the
knowledge to deal with this (which you don't if you're asking about
where to set logging and auditing) then all you're doing is opening up
another system for hackers.

Better for you would be to concentrate on securing what you have, and
setting up an intrusion detection system if you really want to do a
honey pot. They aren't the same, but at your skill level you will
have enough trouble with an IDS.

Actually, first start auditing and logging on your standard network
issues. Audit unsuccesful logon attempts for a start.

Jeff
 
Back
Top