Honey Haven: Creating Research HoneyPots In the Cloud – CF038

Cyber Frontiers is all about Exploring Cyber Security, Big Data, and the Technologies Shaping the Future Through an Academic Perspective! Christian Johnson, a student at the University of Maryland, will bring fresh and relevant topics to the show based on the current work he does.

Please leave a REVIEW (iPhone or iPad) – https://itunes.apple.com/WebObjects/MZStore.woa/wa/viewContentsUserReviews?id=857124890&type=Podcast&ls=1&mt=1

Support the Average Guy Tech Scholarship Fund: https://www.patreon.com/theaverageguy

WANT TO SUBSCRIBE? We now have Video Large / Small and Video iTunes options at http://theAverageGuy.tv/subscribe

You can contact us via email at jim@theaverageguy.tv

Full show notes and video at http://theAverageGuy.tv/cf038


This week on Cyber Frontiers Christian and Jim take a hands-on approach to standing up honeypots in the cloud! We discuss no-cost and low-cost methods for the average guy or up-and-coming security researchers to design and deploy basic honeypot configurations to the cloud in a safe manner. We discuss why honeypots are used in the enterprise today, how to consider safe and ethical practices when utilizing honeypots, and provide a brief introduction to analyzing the data collected by a honeypot. We outline one of many example frameworks that can be safely used in a non-enterprise setting to learn how to use and leverage honeypots for personal learning or to augment enterprise network defenses.

An Academic History Lesson in Honeypots: The Seminal Work

http://csrc.nist.gov/publications/secpubs/berferd.pdf

Software of Choice: Kippo

https://github.com/desaster/kippo

Basic Installation Guide

https://www.digitalocean.com/community/tutorials/how-to-install-kippo-an-ssh-honeypot-on-an-ubuntu-cloud-server

[This guide loosely follows our approach, but we’ve provided our command list below as there are several deviations discussed on the show]

Basic Port Configuration

sudo iptables --list

sudo nano /etc/ssh/sshd_config

sudo systemctl reload ssh

sudo -s

apt-get install python-dev openssl python-openssl python-pyasn1 python-twisted

apt-get install subversion

useradd -d /home/kippo -s /bin/bash -m kippo -g sudo

apt-get install authbind

touch /etc/authbind/byport/22

chown kippo /etc/authbind/byport/22

chmod 777 /etc/authbind/byport/22

su kippo

apt install python-pip

Basic Kippo Install

svn checkout https://github.com/desaster/kippo.git ./kippo

cd kippo

cd trunk

ls -lA

mv kippo.cfg.dist kippo.cfg

pip install -Iv twisted==15.1.0

./start.sh

cd log

tail -f kippo.log

cat kippo.log | grep "attempt"

cat kippo.log | grep "login"
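As an added example (not code from the show or from the Kippo project), here is a small Python script that does what the two grep commands above do by hand: it parses Kippo's "login attempt" lines and aggregates attempts by source IP, by credential pair and by outcome, then lists the sessions that got in so they can be reviewed. The sample log lines are constructed in the stock kippo.log format (timestamp, bracketed transport with the client IP, then the attempt), which is assumed from Kippo's default logger output.

```python
import re
from collections import Counter

# Assumed stock kippo.log format for authentication events, e.g.
# "2016-03-01 10:12:03+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.5] login attempt [root/123456] failed"
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[SSHService ssh-userauth on HoneyPotTransport,"
    r"\d+,(?P<ip>[\d.]+)\] login attempt \[(?P<user>[^/\]]*)/(?P<pw>[^\]]*)\]"
    r" (?P<result>failed|succeeded)$"
)

# Constructed sample lines (documentation IPs, not real captured traffic).
SAMPLE_LOG = """\
2016-03-01 10:12:01+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 203.0.113.5:51022 (10.0.0.2:2222) [session: 0]
2016-03-01 10:12:03+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.5] login attempt [root/123456] failed
2016-03-01 10:12:05+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.5] login attempt [root/password] failed
2016-03-01 10:12:07+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.5] login attempt [root/123456] succeeded
2016-03-01 10:15:44+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.17] login attempt [admin/admin] failed
2016-03-01 10:15:46+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.17] login attempt [root/123456] failed
"""

def parse_login_attempts(text):
    """Yield one dict (ts, ip, user, pw, result) per login-attempt line; other lines are skipped."""
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            yield m.groupdict()

def summarize(text):
    """Count attempts per source IP, per credential pair and per outcome; collect successful logins."""
    by_ip, by_cred, by_result, successes = Counter(), Counter(), Counter(), []
    for a in parse_login_attempts(text):
        by_ip[a["ip"]] += 1
        by_cred[(a["user"], a["pw"])] += 1
        by_result[a["result"]] += 1
        if a["result"] == "succeeded":
            successes.append((a["ts"], a["ip"], a["user"], a["pw"]))
    return {"by_ip": by_ip, "by_cred": by_cred, "by_result": by_result, "successes": successes}

if __name__ == "__main__":
    import sys
    # Pass a real kippo.log path as the first argument; otherwise use the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    s = summarize(text)
    print("attempts per source IP:", s["by_ip"].most_common())
    print("most tried credentials:", s["by_cred"].most_common(3))
    print("outcomes:", dict(s["by_result"]))
    for ts, ip, user, pw in s["successes"]:
        print(f"{ts} {ip} logged in as {user}/{pw}; review that session's log and tty recording")
```

Run it as `python3 kippo_summary.py log/kippo.log` from the Kippo directory to get the same counts over a live log.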

Further Reading: Analytics and Configuration In Kippo

http://resources.infosecinstitute.com/tracking-attackers-honeypot-part-2-kippo/


Jim’s Twitter: http://twitter.com/#!/jcollison

Contact Christian: christian@theaverageguy.tv

Contact the show at jim@theaverageguy.tv

Find this and other great Podcasts from the Average Guy Network at http://theaverageguy.tv

Music courtesy of Ryan King. Check out the Die Hard Cafe band and other original works at:
http://diehardcafe.bandcamp.com/
http://cokehabitgo.tumblr.com/tagged/my-music