Setting up a honeypot is a well-known strategy for having a complete cyber-security system. The honeypot is a phony, low-stakes web environment you set up as a decoy. Hackers find the resource and, by exploring it for vulnerabilities, leave clues about their identities and motivations. Besides leading hackers to incriminate themselves, the honeypot can deceive them or waste enough of their time that they move on.
The Modern Honey Network (MHN) has taken this concept to the next level, offering an open source platform which can integrate your honeypot network with the other components of your cyber-security arsenal. You can combine interactive and other system resources into a network that is nuanced and “feels” real. Here are some suggestions for using MHN, the platform that will serve as a single dashboard for working with all of the data collected.
- Save on software platform costs by using open source code. Formerly, honeypots were only available to large-scale enterprises with lots of resources or very resourceful IT specialists who had a lot of free time. This left out small and medium-sized users who lacked the budget for a honeypot platform. Now with the introduction of the Modern Honey Network, the basic platform is free to download.
- Set up external and internal honeypots. External honeypots can take lots of forms so it’s best to apply the principle of a deception trap to many different web elements. This increases your chances of catching an intruder. One popular external application is a phony user registration form which catches would-be spam posters. Placing a decoy in your cloud server is another good suggestion for external use.
An example of an internal application for a honeypot would be a file folder or even a single record in a database labeled something tempting like “executive salaries” or “development plans.” Once MHN notifies you of a visitor, you can see which user accessed it. From there, you can determine if you’ve got a compromised login or a rogue employee.
- Make them unique. It’s important to modify the original source code enough that it is not recognizable. Technically, any entity you leave purposefully vulnerable to fool malicious forces is a honeypot. Some are decoy servers, but a honeypot could also be something as simple as a posted, unused email address that will only receive messages from greedy or malicious senders. For creative suggestions, find relevant conversations at places like the MHN Google+ group or other venues specifically for sharing tips and experiences.
- Share your threat intelligence. Others in your area or industry are very likely to be attacked by the same hackers. With MHN, you benefit from IoCs collected by your contemporaries. Form circles of trust with others. You have options for controlling what you share, and can easily adhere to DOD guidelines regarding privacy protection.
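One way to triage the internal decoy described above (the tempting file or record, and the question of compromised login versus rogue employee), as an added example that is not MHN code and not from the original post. The audit-log format, decoy paths, user names and addresses are constructed, and treating a never-before-seen source address as a hint toward a compromised login is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed decoy paths, echoing the "executive salaries" / "development plans" bait.
DECOYS = {"/finance/executive_salaries.xlsx", "/rnd/development_plans.docx"}

# Constructed audit-log format (assumption): "<time> user=<name> src=<ip> op=<verb> path=<path>"
LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) op=(?P<op>\S+) path=(?P<path>.+)$"
)

# Constructed sample log, including one malformed line.
SAMPLE_LOG = """\
2024-05-01T09:02:11Z user=alice src=10.0.4.21 op=read path=/finance/q1_report.xlsx
2024-05-01T09:40:03Z user=bob src=10.0.4.35 op=read path=/rnd/roadmap.docx
2024-05-02T02:13:47Z user=alice src=10.0.9.77 op=read path=/finance/executive_salaries.xlsx
2024-05-02T10:05:30Z user=bob src=10.0.4.35 op=read path=/rnd/development_plans.docx
garbage line that does not parse
"""

def decoy_hits(log_text, decoys=DECOYS):
    """Return one alert per decoy access, with whether the source was seen before for that user."""
    seen = defaultdict(set)  # user -> source addresses seen on earlier, non-decoy activity
    alerts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        user, src, path = m["user"], m["src"], m["path"]
        if path in decoys:
            alerts.append({
                "time": m["ts"], "user": user, "src": src, "path": path,
                # False: unfamiliar source, check for stolen credentials first.
                # True: the account's usual source, so look at the account owner.
                "known_source": src in seen[user],
            })
        else:
            seen[user].add(src)
    return alerts

if __name__ == "__main__":
    for a in decoy_hits(SAMPLE_LOG):
        hint = "usual source" if a["known_source"] else "source not seen before for this user"
        print(f'{a["time"]} {a["user"]} touched {a["path"]} from {a["src"]} ({hint})')
```

Any decoy access is an alert on its own, since nobody has a legitimate reason to open the bait; the `known_source` flag only suggests where to start the investigation.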
Setting up a convincing deception trap takes some thought and effort. We hope you can get the best possible return on your investment with our help. If you’re ready to expand your existing deception traps or are just getting started, watch our webcast Lessons Learned From Building and Running MHN.