Wednesday, April 06, 2005 10:41 PM
triplez
The Honeynet Project
The Honeynet Project is a non-profit (501c3) research organization of security professionals dedicated to information security. They have no products, services or employees; their research is done on a volunteer basis. It is their goal to learn the tools, tactics, and motives of the blackhat community and share these lessons learned. It is hoped that their research will benefit both its members and the security community. The Project was founded in October 1999, and all of their work is OpenSource and shared with the security community.
It is their hope and intent to support the security community in the following three ways:
- Raise Awareness
To raise awareness of the threats and vulnerabilities that exist in the Internet today. We raise awareness by demonstrating real systems that were compromised in the wild by the blackhat community. Many people (especially homeowners) believe it can't happen to them, that they are not a target. We hope to change their mind.
- Teach and Inform
For those in the community who are already aware and concerned, we hope to give you the information to better secure and defend your resources. Historically, intelligence about attackers has been limited to the tools they use. The Project intends to provide additional information, such as their motives in attacking, how they communicate, when they attack systems and their actions after compromising a system.
- Research
To provide the technology and methods of information gathering. Organizations, such as universities, may be interested in developing their own ability to research threats or adversaries.
That's a brief introduction to what The Honeynet Project is. What I want to highlight more is their whitepapers, located at http://www.honeynet.org/papers/index.html. They have some pretty good whitepapers, like "Know Your Enemy: Tracking Botnets", which describes botnets quite in depth. Another thing I'd like to highlight is their book, "Know Your Enemy, 2nd Edition". Here's an excerpt:
Know Your Enemy, 2nd Edition is a total re-write from the original, resulting in over 700 pages of detailed information and examples. We cover everything from how to deploy the latest honeynet technology, to analyzing the data they collect and what we have learned. Each chapter is written by individuals who specialize in that area. For example, forensic material is written by Brian Carrier and Rob Lee, profiling by social psychologist Max Kilger, and legal issues by Richard Salgado of the Department of Justice. Included is a companion CDROM that has the tools, data, and examples for you to use and learn from. All proceeds from the book help fund honeynet research. Read reviews by IEEE Security, LinuxJournal, Richard Bejtlich, Thomas Duff, Robert Slade, and Ben Rothke!
Another excellent resource I'd like to highlight is their "Honeywall CDROM". It's a Linux-based live CD that helps you set up your very own honeynet, with all the utilities for monitoring the network and the data going through it. Here's an excerpt:
The Honeywall CDROM combines all the tools and requirements of a GenII honeynet gateway on a (hopefully) easy to use, secure, bootable CDROM. The intent is to make honeynets easier to deploy and customize. You simply boot off the CDROM, configure it based on your environment, and you should have a Honeywall gateway ready to go. The CDROM supports several configuration methods, including an interactive menu and .iso customization scripts. The CDROM is an appliance, based on a minimized and secured Linux OS.