Overview

The HoneySens Project

HoneySens is an open platform to deploy and manage various honeypots on a variety of hardware and software architectures. It is released under the Apache 2.0 license; a commercial license with technical support can be obtained from T-Systems MMS.

The following topics are meant to give an introduction to the HoneySens design goals, architecture, deployment and operation.

Introduction

Traditional defenses in IT security try to detect and mitigate threats as quickly and efficiently as possible in an attempt to reduce damage to infrastructure, assets and confidential data. Anti-virus software and Intrusion Detection Systems are widespread examples of that.

Taking the tour

For a quick glance at what HoneySens has to offer, we prepared a bunch of preconfigured Docker images that can be used to quickly set up a demo environment. Please be aware that these images should never be used in production!

Preparation

When deploying HoneySens, planning ahead can prevent serious headaches later. This document thoroughly explains some of the assumptions HoneySens was built on and the subsequent requirements one has to consider when planning to set up a HoneySens installation.

Installation

This section describes the initial steps necessary to deploy HoneySens in any IT infrastructure. We will set up, prepare and configure the server components. Please consult Preparation first as a checklist and to understand what a HoneySens deployment could look like in practice.

Sensor Deployment

This document describes the deployment of both dockerized and “physical” sensors. We assume that the server was set up beforehand and is running properly. Deploying new sensors generally involves the following steps, which will be explained more thoroughly in the upcoming chapters:

Services

A sensor by itself doesn’t perform any tasks other than regularly polling the server for configuration updates. To gain value from a sensor, operators have to deploy services to add interactivity.

Events and Filters

In their primary role, HoneySens sensors act as early-warning systems that publish honeypot services to attract potential network-based attacks, which are reported as events. This section will show how these events can be examined and how the event list can be kept clean by filtering out false positives.

Updates

When new HoneySens releases get published, all involved components have update paths from one version to the next.