A honeypot is a program, machine, or system placed on a network as bait for attackers. The idea is to deceive the attacker by making the honeypot appear to be a legitimate system. A honeynet is a network of honeypots set up to imitate a real network. Honeynets can be deployed in both production and research environments: a research honeynet studies the tactics and methods of attackers, while a production honeynet mimics the organization's production network. Honeypots return highly valuable data that is much easier to interpret than the output of an IDS (Intrusion Detection System). This paper focuses on the description and analysis of honeypots, as well as how and where they are used. I describe the process of setting up and running a honeypot; commands and their associated output are provided to demonstrate how one would configure and install one. I set up two honeypots in an air-gapped security lab to test their effectiveness, and used the Nmap vulnerability scanner to test each honeypot's ability to emulate various operating systems and services. I also describe the problems I encountered during testing. The paper also takes a look into the mind of the enemy, and closes with recommendations for honeynets.
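To make the abstract's notion of a low-interaction honeypot concrete, here is an added example (not code from the paper): a small listener that answers with a constructed service banner, records each visit as a structured event, and summarises the events for analysts. The banner strings, ports and log format are assumptions chosen for illustration.

```python
# Added example (not the paper's code): a minimal low-interaction honeypot that
# answers with a constructed banner, logs each visit, and summarises the visits.
import json
import socket
import time
from collections import Counter
# Constructed banners; a real deployment mirrors the systems being imitated.
BANNERS = {
    22: b"SSH-2.0-OpenSSH_7.4\r\n",
    21: b"220 ftp.example.internal FTP server ready\r\n",
}

def record_event(port, peer, first_bytes, ts=None):
    """Build one structured event for a single connection to the honeypot."""
    return {
        "ts": ts if ts is not None else time.time(),
        "port": port,
        "src_ip": peer[0],
        "src_port": peer[1],
        # Bounded, printable preview of what the client sent after the banner.
        "preview": first_bytes[:64].decode("ascii", "replace"),
    }

def summarize(events):
    """Count touches per source and per emulated port; none are legitimate."""
    return {
        "total": len(events),
        "sources": dict(Counter(e["src_ip"] for e in events)),
        "ports": dict(Counter(e["port"] for e in events)),
    }

def serve(port, log_path, max_conns=None):
    """Listen on `port`, send the banner, append one JSON line per visitor."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", port))
        srv.listen(5)
        seen = 0
        while max_conns is None or seen < max_conns:
            conn, peer = srv.accept()
            with conn:
                conn.sendall(BANNERS.get(port, b""))
                conn.settimeout(2)  # do not let a silent client hold the slot
                try:
                    data = conn.recv(256)
                except OSError:  # timeout or reset: still a visit worth logging
                    data = b""
            with open(log_path, "a") as fh:
                fh.write(json.dumps(record_event(port, peer, data)) + "\n")
            seen += 1
```

Running `serve(22, "honeypot.jsonl")` on an isolated lab host and then feeding the JSON lines to `summarize` gives the per-source, per-port view that makes honeypot data so much quicker to triage than raw IDS alerts.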