Sunday, April 17, 2016

Beeswarm Honeypot

Honeypots enable network security personnel to detect malicious activity in a network by tricking attackers into believing that certain valid network services (such as web and FTP) are running on a server. In reality, however, honeypots simply log and analyze connection attempts initiated by an attacker.

Beeswarm is one of the many available open source honeypot packages. It has a web frontend to allow for easier configuration. I made a minimal setup for our department just to check if some individuals/malware are doing something interesting on our network. I will add updates to this post later.

Setup Notes:
On an Ubuntu 14.04 server, use the following line to install the pyDes dependency. The one in the guide fails.
$ pip install http://twhiteman.netfirms.com/pyDES/pyDes-2.0.1.zip