Open-Source Tool Aimed At Propelling Honeypots Into the Mainstream

Published: 22/11/2024   Category: security




Free software automates the setup, management of honeypots for enterprises.



Researchers have built a free open-source honeypot software program aimed at propelling the hacker decoys into security weapons for everyday organizations.
The Modern Honey Network (MHN) software, created by the Google Ventures-backed startup ThreatStream, automates much of the process of setting up and monitoring honeypots, as well as gleaning threat intelligence from them. An API allows it to integrate with IDSes, IPSes, application-layer firewalls, SIEM, and other security tools to set up defenses against attacks it detects.
Honeypots -- basically lures posing as machines that let organizations gather intelligence and study the behaviors of attackers -- long have been a popular and valuable tool for security researchers. There are plenty of open-source honeypot tools available today, but the high maintenance and complexity of deploying and running these lures have made them unrealistic security options for most businesses.
"Honeypots have never truly taken off in the enterprise," says Greg Martin, CEO of ThreatStream, which provides a software-as-a-service threat intelligence system for large organizations like Northrop Grumman and SAIC. The goal of MHN is to simplify honeypot deployment and ultimately to make these tools a mainstream, inherent part of the security arsenal for companies in various industries.
"You can deploy 29 honeypots with the click of a button with the open-source tool," Martin says. "With a VMware server, you can do 30 or 40."
[A staple of the computer-security toolbox for more than two decades, honeypots can provide companies with unique benefits. Read 5 Reasons Every Company Should Have A Honeypot.]
Jason Trost, senior analytics engineer with ThreatStream and formerly with the Department of Defense and Sandia National Labs, says installing and managing honeypots has been harder than it should be. That's what inspired him to lead the development of MHN, which uses several open-source components, including Snort's sensor and the honeypots Dionaea, Conpot, Shiva, and Nepenthes, as well as the MongoDB database and The Honeynet Project's Honey Map, which provides geographic visualization of attacks and malicious activity captured by honeypots.
"There are organizations that have the expertise to use honeypots," Trost says. "But honeypots are not done in the mainstream, because they are time-consuming. I hope this [MHN] lowers the bar to do that."
The tool can be used for two basic types of honeypot setups: outside the organization to monitor Internet-wide threats and inside the organization, behind the firewall, to monitor targeted attacks or insider threats. "If you have a honeypot inside and see attacks on it, it's an amazing way to catch an APT from the inside," Martin says.
According to SANS, honeypots can help if they're deployed properly. "However, it can also cause a decrease in an organization's security by being more attractive to worms or attacks," SANS says in its honeypot guide for enterprises. Therefore, an organization must clearly define the risks it wants to reduce with a honeypot and the requirements for accomplishing this. Then, any deployment can be tested to make sure it benefits the organization.
Deploying a high-interaction honeypot is especially risky. The Russian researcher Alexey Sintsov learned this the hard way: He ran an experimental honeypot on the DEFCON Russia website he manages in order to counterattack and gather attacker information such as network adapter settings, trace routes, and login names. But Sintsov got more than he bargained for; he found that he had hit the desktop of an intelligence agency from a nation that was formerly part of the Soviet Union. He later uninstalled the honeypot.
But the open-source MHN is a so-called low-interaction honeypot, meaning that it merely gathers information and doesn't hack back, so the risks of exposure are minimal. "Risks of honeypots are very much a misconception," Martin says. "Honeypots that make parts of your [infrastructure] look vulnerable, yes, but the benefit is having that attacker intelligence. If they see the honeypot, they are already scanning and looking. That intel outweighs any risks you're introducing by making you look vulnerable."
"Plus, honeypots are hardened by design," he says.
MHN, meanwhile, can be used with a little crowdsourcing, too. "We've created a public server that pulls together intelligence [the systems gather], and you have the option to crowdsource the information," Martin says. ThreatStream ultimately plans to share attack trends publicly: which countries are hosting the attacks and where DDoS attacks are occurring, for instance. "You can create a huge cyber weather map."
The free honeypot tool is available here for download.
