Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Honeypot policy
From: Jeff Kell <jeff-kell () UTC EDU>
Date: Sun, 19 Jan 2014 22:05:25 -0500

On 1/19/2014 7:50 PM, John C. A. Bambenek, GCIH, CISSP wrote:
I am grappling with security policy concerns with having honeypots on
a campus network (DMZ). This is for research and a security class.  Do
you allow these on your campus networks or require them on external
provider/ISPs? If on campus, how did you deal with the policy issues?

Our network security group operates several such hosts, as well as a
"Darknet" space, which are within our public IP space, but internally
isolated from the campus network.

We also have a lab setup for what used to be the Advanced Network
Security lab (we call it the "virus lab"), which is used by a couple of
classes/instructors.  It is on an isolated VRF to separate it from the
campus network, it is then tunneled to our border, and operates on a
separate IP block from one of our commodity providers.  It is
essentially unfiltered (bypasses our ACLs, IPS, and other protections),
but restricted to commodity IPv4 access (no Internet2, etc).

Jeff

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault