Honeynets expanding their capabilities
- By William Jackson
- Jul 28, 2005
LAS VEGAS'A global consortium of cybersecurity researchers has released a new tool to make it easier to track and analyze the activities of hackers.
The tool, released in May by the Honeynet Project, is a honeynet gateway called "Roo" and is available as a free download
A honeypot is a baiting system built to be compromised by hackers and monitored to observe their activities. A honeynet is a collection of honeypots. The Honeynet Project is a volunteer organization developing and using open-source tools to expand the use and awareness of honeynets and their capabilities in identifying online threats.
Honeynet Project members Allen Harper, a security engineer with the Defense Information Systems Agency, and Ed Balas, a security researcher at the Advanced Network Managment Lab at Indiana University, described the new tool today at the Black Hat Briefings computer security conference.
Roo automates much of the analysis of honeynet data that before had to be done by hand.
The honeywall performs several critical functions on a honeynet. The original honeywall tool, called "Eeyore," captured data from an intruder's activities and controlled what the intruders were able to do, ensuring a compromised honeypot could not be used to launch attacks on other systems.
The new Roo honeywall features an improved user interface and controls. "Most importantly, it can do analysis," Harper said.
Harper added that a goal of the Honeynet Project is to link multiple Roos with a central data collector, which would be called "Kanga," to create a grid of honeynets.
"We have the potential to put together a global honeygrid" that could provide global attack tracking and early warning of zero-day attacks, he said.
William Jackson is a Maryland-based freelance writer.