Using Canary Honeypots for Detection
Abstract
A canary honeypot is a system that mimics a production system and is deployed to serve as an early detection mechanism in the event of a network breach. These honeypots can operate in two different formats; either as an exploitable or non-exploitable honeypot. In this chapter we discuss the difference between these types of honeypots, and discuss considerations for the practical deployment of honeypots for NSM detection. This includes discussion of several popular honeypot applications, such as Honeyd, Kippo, and Tom’s Honeypot, along with examples of their use. This chapter also briefly introduces the concept of Honeydocs, and how to create them.
Keywords
Network Security Monitoring; Detection; ...
Get Applied Network Security Monitoring now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.