Honeypots mailing list archives
Re: Honeynet Requirements
From: Maximillian Dornseif <md () un bewaff net>
Date: Sun, 16 May 2004 06:08:18 -0500
On 15.05.2004, at 18:14, Chuck Fullerton wrote:
Using the diagram from the Honeynet Paper from www.honeynet.org, when you add honeypots to your honeynet, how closely must they mirror the productionmachines?
My research (http://md.hudora.de/publications/#honeyeco ) indicates that greater similarity to production machines increases the likelihood that your Honeynet will get profitable. Which means that you get mor value in information out of the Honeynet than you put into it in the form of maintenance and creating a realistic mirror of production machine.
But keep inn mind that this research is rather abstract and might not apply th your specific circumstances. Nevertheless it gives some guidance.
Regards Max -- Maximillian Dornseif, Dipl. Jur., CISSP Laboratory for Dependable Distributed Systems, RWTH Aachen University Tel. +49 241 80-21431 - http://md.hudora.de/
Current thread:
- Honeynet Requirements Chuck Fullerton (May 15)
- Distributed Honeypot Project whitepaper announcement Andrew R. Lamb (May 16)
- Re: Honeynet Requirements Richard Stevens (May 16)
- Re: Honeynet Requirements Maximillian Dornseif (May 16)
- Re: Honeynet Requirements Julian Grizzard (May 16)