This document discusses effective strategies for implementing honeynets in security. It describes different levels of potential attackers from very high to low. It explains how honeynets can be used to identify unauthorized and potentially malicious authorized users by separating production systems from external honeynet systems. The document also lists requirements for a high grade security strategy using integrated tools like honeynets, honeypots, honeytokens, network intrusion detection systems, and security information and event management.

1. XECUREIT.COM
“Your Security,
Our Passion”
Consultancy
Assurance
Research
Education
Effective Honeynet in
High Grade Security Strategy
"Feeling secure is dangerous. It makes us complacent."
"Rasa aman berbahaya. Rasa aman membuat kita lengah."
Gildas Deograt Lumy, CISA, CISSP, ISO27001 LA
Chief Technology Officer
gildas@xecureit.com

2. Effective HoneynetPage 2 XECUREIT.COM
Example

3. Effective HoneynetPage 3 XECUREIT.COM
Enemy Level
 Very High
● Government grade attacker
● “Unlimited” resources, “lawful”
 High
● High level of expertise, using advance in-house developed tools,
budget <USD 1 Million
● Authorized users both consciously and as victims of social engineering
 Medium
● Have expertise, using public or customized tools, budget <USD100,000
● Known Attacker, such as employees, contractors, partners or customers
both consciously and as victims of social engineering
 Low / Very Low
● Script kiddies, new born attacker, using public tools, budget <USD10,000
● Unknown Attacker (Public)

4. Effective HoneynetPage 4 XECUREIT.COM
Easy to know your enemy ;)
(Production)
group_server1.organisasi.id
group_server2.organisasi.id
(External Honeynet)

5. Effective HoneynetPage 5 XECUREIT.COM
How to know the malicious authorized user?
(Production)
group_server1.organisasi.id
group_server2.organisasi.id
(External Honeynet)

6. Effective HoneynetPage 6 XECUREIT.COM
Easy to know the “potential” malicious authorized users
(Production)
group_server1.organisasi.id
group_server2.organisasi.id
(External Honeynet)

7. Effective HoneynetPage 7 XECUREIT.COM
Easy to know the malicious authorized users
(Production)
group_server1.organisasi.id
group_server2.organisasi.id
(External Honeynet)

8. Effective HoneynetPage 8 XECUREIT.COM
Requirements
 High Grade Security Strategy
● Appropriate information security classification.
● Balance prevention and detection mechanism.
● Effective systems “separation of duties”.
● Clear understanding of information security policies and
procedures (Do’s and Dont’s).
 Integrated Tools
● Honeynet, Honeypot & Honeytoken
● Network-based IDS
● SIEM

9. XECUREIT.COM
“Your Security,
Our Passion”
Consultancy
Assurance
Research
Education
TERIMAKASIH
THANK YOU
"Feeling secure is dangerous. It makes us complacent."
"Rasa aman berbahaya. Rasa aman membuat kita lengah."
Gildas Deograt Lumy, CISA, CISSP, ISO27001 LA
Chief Technology Officer
gildas@xecureit.com