Support Silicon Dojo at: https://www.donorbox.org/etcg
http://www.silicondojo.com/

Honeypot Introduction

What is a Honeypot
- A decoy system or device used to get a hacker to expose themselves
- Many Products are Available
- Part of an Intrusion Detection System

Honeypot Strategy
- Do you have current problems/concerns?
- Surveillance IS NOT SECURITY
- What happens when you detect an issue?
- Create Very Visible and “Hidden” Servers
- Look for Vulnerabilities You Don’t Have
- Track Any Access Attempts
  - Even Pings can be tracked
  - SSH
  - Remote Desktop
  - FTP

Log Files
- Log Files are your documentation of what has happened on your network
- Parsing log files from multiple servers and devices can give you a better view of an intrusion event
- Trigger events based on log files
  - Notifications
  - Dynamic Firewall Rules

Harden Your Honey Pot
- A hacker taking control of your Honeypot would be sad :(
- Verify security on your Honeypot is adequate
- Wipe and Reload Honeypots periodically

Choosing a Honeypot
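The Log Files points above (parsing logs from multiple servers, then triggering notifications and dynamic firewall rules), as an added example that is not part of the original slides. The host names, log lines, allowlist entry and `block_after` threshold are constructed assumptions, and the log formats are simplified sshd and vsftpd failure lines.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines (documentation-range addresses), one list per decoy host.
SAMPLE_LOGS = {
    "honeypot-ssh": [
        "Mar  3 02:14:07 honeypot-ssh sshd[811]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2",
        "Mar  3 02:20:31 honeypot-ssh sshd[902]: Failed password for root from 198.51.100.7 port 40210 ssh2",
    ],
    "honeypot-ftp": [
        'Mar  3 02:15:40 honeypot-ftp vsftpd[412]: [anonymous] FAIL LOGIN: Client "203.0.113.45"',
        'Mar  3 02:16:02 honeypot-ftp vsftpd[412]: [backup] FAIL LOGIN: Client "192.0.2.10"',
    ],
}
ALLOWLIST = {"192.0.2.10"}  # assumed management host; never auto-block it

PATTERNS = {
    "ssh": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port"),
    "ftp": re.compile(r'FAIL LOGIN: Client "([^"]+)"'),
}

def correlate(logs):
    """Merge all hosts' logs into {source_ip: {"hosts", "services", "hits"}}."""
    seen = defaultdict(lambda: {"hosts": set(), "services": set(), "hits": 0})
    for host, lines in logs.items():
        for line in lines:
            for service, rx in PATTERNS.items():
                m = rx.search(line)
                if not m:
                    continue
                try:  # only well-formed addresses may reach a firewall rule
                    ip = str(ipaddress.ip_address(m.group(1)))
                except ValueError:
                    continue
                seen[ip]["hosts"].add(host)
                seen[ip]["services"].add(service)
                seen[ip]["hits"] += 1
    return dict(seen)

def triggers(seen, block_after=2):
    """Notify on every source; propose a block rule for repeat or multi-host sources."""
    notes, rules = [], []
    for ip, e in sorted(seen.items()):
        notes.append(f"ALERT {ip}: {e['hits']} attempt(s) on {sorted(e['hosts'])}")
        repeat = e["hits"] >= block_after or len(e["hosts"]) > 1
        if repeat and ip not in ALLOWLIST:
            rules.append(f"iptables -I INPUT -s {ip} -j DROP")
    return notes, rules
```

Calling `triggers(correlate(SAMPLE_LOGS))` returns the alert strings and the proposed `iptables` commands; the code only builds the rule text and never applies it.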