Re: Honeypot server?
From: Jeff Cochran (jcochran.nospam_at_naplesgov.com)
Date: 12/15/03
- Next message: Bob Williamson: "Event 556"
- Previous message: lisa: "Windows local account password"
- In reply to: ExAdmin: "Honeypot server?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 15 Dec 2003 19:06:55 GMT
On Fri, 12 Dec 2003 12:28:20 -0800, "ExAdmin" <iamspam@abuse.net>
wrote:
>Has anyone ever set up a 'honeypot' server on their network? I've heard it's
>good to put a server/workstation out there with zero security settings and
>maximum audit logging to catch worms and hackers. I'd like to set something
>like this up on my network. but not sure where to set the auditing and
>logging...
First, don't. :)
Honeypots are nice for security auditing and planning, but pretty
useless as actual deterrents and/or traps. Unless you have the
knowledge to deal with this (which you don't if you're asking about
where to set logging and auditing) then all you're doing is opening up
another system for hackers.
Better for you would be to concentrate on securing what you have, and
setting up an intrusion detection system if you really want to do a
honey pot. They aren't the same, but at your skill level you will
have enough trouble with an IDS.
Actually, first start auditing and logging on your standard network
issues. Audit unsuccesful logon attempts for a start.
Jeff
- Next message: Bob Williamson: "Event 556"
- Previous message: lisa: "Windows local account password"
- In reply to: ExAdmin: "Honeypot server?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
