Educause Security Discussion
mailing list archives
Re: Honeypot policy
From: Jeff Kell <jeff-kell () UTC EDU>
Date: Sun, 19 Jan 2014 22:05:25 -0500

On 1/19/2014 7:50 PM, John C. A. Bambenek, GCIH, CISSP wrote:
> I am grappling with security policy concerns with having honeypots on
> a campus network (DMZ). This is for research and a security class. Do
> you allow these on your campus networks or require them on external
> provider/ISPs? If on campus, how did you deal with the policy issues?

Our network security group operates several such hosts, as well as a
"Darknet" space, which are within our public IP space, but internally
isolated from the campus network.

We also have a lab setup for what used to be the Advanced Network
Security lab (we call it the "virus lab"), which is used by a couple of
classes/instructors. It is on an isolated VRF to separate it from the
campus network; it is then tunneled to our border, and operates on a
separate IP block from one of our commodity providers. It is
essentially unfiltered (bypasses our ACLs, IPS, and other protections),
but restricted to commodity IPv4 access (no Internet2, etc.).