Honeypots: Re: honeypot deployment standard

[Albert Gonzalez <albertg () cerveau us>]

dcneting wrote:

> Are there any heuristic rules or guidance than can be used to deploy
> honeypots in large networks? Any documentation or methods on doing it?
> Or just depending on the network admin's honeypot experience? 
>
> Im looking for honeypot deployment standard that can be used to help
> network admins deploy honeypots(real or virtual) in large network
> environments :) 
>  
I recommend using a solution that you have the most experience with. 
This way it makes it easier to minimize mistakes and or 
misconfigurations. If you are not the only administrator of that 
network, then might want to look at something that be easily deployed 
and the other admins won't be 'scared' of. I've seen honeynet projects 
in large networks shot down because there was only one real competent 
admin, the rest were too intimidated by the process to setup the 
honeypots, thus it never launched passed the research phase.
I personally haven't seen any documentation that tailors to large 
networks, although it shouldn't too much of daunting task to use 
documentation for a 'regular' size honeynet and convert that to fit your 
needs.
Hope that helps...

Cheers,
Albert