This document discusses effective strategies for implementing honeynets in security. It describes different levels of potential attackers from very high to low. It explains how honeynets can be used to identify unauthorized and potentially malicious authorized users by separating production systems from external honeynet systems. The document also lists requirements for a high grade security strategy using integrated tools like honeynets, honeypots, honeytokens, network intrusion detection systems, and security information and event management.
3. Effective Honeynet (Page 3, XECUREIT.COM)
Enemy Level
• Very High
  - Government-grade attacker
  - "Unlimited" resources, "lawful"
• High
  - High level of expertise, using advanced in-house developed tools, budget <USD 1 million
  - Authorized users, both consciously and as victims of social engineering
• Medium
  - Have expertise, using public or customized tools, budget <USD 100,000
  - Known attackers, such as employees, contractors, partners or customers, both consciously and as victims of social engineering
• Low / Very Low
  - Script kiddies, newborn attackers, using public tools, budget <USD 10,000
  - Unknown attackers (public)
4. Easy to know your enemy ;)
[Diagram: (Production) group_server1.organisasi.id, group_server2.organisasi.id; (External Honeynet)]
5. How to know the malicious authorized user?
[Diagram: (Production) group_server1.organisasi.id, group_server2.organisasi.id; (External Honeynet)]
6. Easy to know the "potential" malicious authorized users
[Diagram: (Production) group_server1.organisasi.id, group_server2.organisasi.id; (External Honeynet)]
7. Easy to know the malicious authorized users
[Diagram: (Production) group_server1.organisasi.id, group_server2.organisasi.id; (External Honeynet)]
8. Requirements
• High Grade Security Strategy
  - Appropriate information security classification.
  - Balance prevention and detection mechanisms.
  - Effective systems "separation of duties".
  - Clear understanding of information security policies and procedures (Do's and Don'ts).
• Integrated Tools
  - Honeynet, Honeypot & Honeytoken
  - Network-based IDS
  - SIEM