Honeypot

DISCLAIMER

Any actions and/or activities related to the material contained within this website are solely your responsibility. The misuse of the information on this website can result in criminal charges being brought against the persons in question. Cyber Security Associates Limited will not be held responsible for any criminal charges brought against any individuals misusing the information in these projects to break the law.

Please ensure you are using the latest SD Card image which is available here.

 

Teacher Overview

Kali Linux is an operating system (OS) created specifically for ethical hacking and digital forensics, and it comes loaded with numerous tools such as Nmap and Metasploit. It also has a range of security tools and digital forensic applications that can be applied to many situations, and it is currently one of the most popular operating systems among cyber security specialists. The advantage of using Linux for most of these powerful tools is the ability to load them onto nearly any Linux flavour. There are other operating systems made for penetration testing, such as Parrot OS and BlackArch, but generally it is easier to access Kali Linux than these alternatives.

A honeypot is an exposed device set up as a decoy to lure cyber attackers and to detect, deflect or study attempts to gain unauthorised access to information systems. The function of a honeypot is to present itself on the internet as a potential target for attackers, usually a server or other high-value target, and to gather information and notify defenders of any attempts by unauthorised users to access it. Honeypot systems often use hardened operating systems and are usually configured so that they appear to offer attackers exploitable vulnerabilities. For example, a honeypot system might appear to respond to the Server Message Block (SMB) protocol requests used by the WannaCry ransomware attack, and may present itself as an enterprise database server storing consumer information.

Honeypots are most often used in companies involved in cybersecurity research, to identify and defend against attacks from advanced persistent threat actors. Honeypots can be an important tool for large organisations that want to take an active defence stance against attackers, or for cybersecurity researchers who want to learn more about the tools and techniques that attackers use. The cost of maintaining a honeypot can be high, in part because of the specialised skills required to implement and administer a system that appears to expose the organisation's network resources while still preventing attackers from gaining access to any production systems.

Generally, a honeypot operation consists of a computer, applications and data that simulate the behaviour of a real system and appear to be part of a network; however, the honeypot is actually isolated and closely monitored. Because there is no reason for legitimate users to access a honeypot, any attempt to communicate with it should be considered hostile. Viewing and logging this activity can help improve security by providing insight into the level and types of threat a network infrastructure faces, while distracting attackers away from assets of real value. Researchers suspect that some cybercriminals use honeypots themselves to gather intelligence about researchers, to act as decoys and to spread misinformation.

Virtual machines are often used to host honeypots so that, if one is compromised by malware, for example, it can be quickly restored. Two or more honeypots on a network form a honeynet, while a honeyfarm is a centralised collection of honeypots and analysis tools. Honeypots help researchers understand threats in network systems, but production honeypots should not be seen as a replacement for a standard IDS. If a honeypot is not configured correctly, it can be used to gain access to real production systems or as a launch pad for attacks against other target systems.

In this project the students will be learning what a honeypot is and how to configure it.

Suggested Year Group

The suggested age group is 16+, due to the nature of this project and the skills it is developing.

 

Learning Outcomes

  • Explain the basic principles of a honeypot;

  • Teach the students how to configure a piece of software and make it into a honeypot;

  • Explain the different uses of a honeypot.

 

Hardware Required

Component             Component Number (Peli Case)   Component Number (Box Case)
Raspberry Pi + Case   (Base) 4 + 5                   Slot 1
Kali Linux SD Card    (Base) 5                       Slot 11
TFT Screen            (Base) 9                       Slot 2
HDMI                  (Level 1) 3                    Slot 11
Wireless Keyboard     (Level 1) 3                    Slot 11
Wireless Mouse        (Level 1) 5                    Slot 12
Power Supply Unit     (Level 1) 1                    Slot 13

 

Conclusion

This project is designed to introduce the students to the honeypot and the applications it has within IT and cyber security. The students will have used software on the Raspberry Pi, configured it as a honeypot and then run it with exposed ports. When a connection is attempted, it will log the IP address and prevent the connecting user from accessing a legitimate service. A honeypot is an extremely powerful tool, and this project is just scratching the surface of what the students could achieve. Keep in mind that the Raspberry Pi is limited in processing power and will not be able to handle large volumes of traffic accurately. As such, this should not be used in production environments.
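The logging behaviour described above can be shown with a minimal low-interaction decoy listener. This is an added example, not the software used in the project; the names `DecoyHandler`, `DecoyServer` and `start_decoy`, port 2222 and the `decoy.jsonl` log file are assumptions made for illustration.

```python
import json
import socketserver
import threading
from datetime import datetime, timezone

MAX_CAPTURE = 256  # cap bytes kept per connection so a client cannot flood the log

class DecoyHandler(socketserver.BaseRequestHandler):
    """Record who connected and what they sent first, then drop the connection."""
    def handle(self):
        self.request.settimeout(2.0)  # a silent client must not hold a thread open
        try:
            first_bytes = self.request.recv(MAX_CAPTURE)
        except OSError:  # timeout or reset: still log the attempt
            first_bytes = b""
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": self.client_address[0],
            "src_port": self.client_address[1],
            "dst_port": self.server.server_address[1],
            # escape control characters so client data cannot forge log lines
            "first_bytes": first_bytes.decode("latin-1").encode("unicode_escape").decode("ascii"),
        }
        with self.server.lock:
            self.server.events.append(event)
            if self.server.log_path:
                with open(self.server.log_path, "a", encoding="utf-8") as fh:
                    fh.write(json.dumps(event) + "\n")
        # No service is offered: returning from handle() closes the socket.

class DecoyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, host, port, log_path=None):
        super().__init__((host, port), DecoyHandler)
        self.events = []              # in-memory copy of logged events
        self.log_path = log_path      # JSON-lines file, one event per line
        self.lock = threading.Lock()  # serialise log writes across handler threads

def start_decoy(host="127.0.0.1", port=2222, log_path=None):
    """Start a decoy listener in a background thread and return the server."""
    server = DecoyServer(host, port, log_path)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    start_decoy(log_path="decoy.jsonl")  # loopback only by default
    threading.Event().wait()             # keep running until interrupted
```

The listener binds to loopback by default; in a classroom, set `host` to the Raspberry Pi's address on an isolated lab network rather than a network that carries real services.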