HoneyPoint: Honeypot for Windows, Linux or Mac
InfoWorld - After over 10 years of active participation in the honeypot community, I was surprised not to have heard of MicroSolved's HoneyPoint Security Server before I started planning this roundup. HoneyPoint runs on Windows, Linux, and Mac OS X, and offers some useful features -- such as "defensive fuzzing" and the ability to track alert status -- that KFSensor and Honeyd don't. But HoneyPoint is neither as easy and complete as KFSensor, nor as flexible and scalable as Honeyd.
HoneyPoint's sensors, called HPoints, consist of HoneyPoints and HornetPoints. HoneyPoints are traditional honeypots with fake listening services and banners. HornetPoints are HoneyPoints that actively try to slow down malware and malicious hacking tools using defensive fuzzing, which is otherwise known as "tarpitting" in the computer security world. HoneyPoints and HornetPoints connect back to a centralized HoneyPoint Security Console; the data sent from the HPoints is encrypted to the console using 128-bit Blowfish.
Additionally, MicroSolved offers HoneyPoint Trojans and HoneyBees. HoneyPoint Trojans are red herring binary programs (custom created by MicroSolved when requested by the customer) that an attacker might be tricked into executing; the Trojan then connects back to the console, alerting the admin to the presence and location of the attacker. HoneyBees are programs that simulate unencrypted POP3 and HTTP connections, in order to create bogus authentication traffic that an attacker might sniff.
These are slightly interesting features, but they are useful only in certain scenarios: when the attacker has installed sniffers; when the sniffer is operating on the right network connections or the attacker has disabled the switched segments; or when the attacker is looking for POP3 or HTTP traffic. In short, they rely on a number of contingencies.
To continue reading, register here to become an Insider
It's FREE to join
- Accelerating Cloud Deployment and Operations with Managed Services Companies that do not have sufficient in-house expertise to either deploy or maintain an IaaS cloud should turn to Managed Service Providers .
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Simplifying Product Design In A Complex World Product design engineering has moved far beyond the confines of ever-more powerful workstations. Companies can't afford to restrict projects to using only local...
- A Reference Architecture for the Internet of Things The aim of this is to provide Architects and Developers of IoT projects with an effective starting point that covers the major requirements...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Hardware White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!