Honeypots mailing list archives
Re: honeywall/pot on same host
From: David Watson <david () honeynet org uk>
Date: Wed, 27 Sep 2006 15:55:20 +0100
Mike Gilligan wrote:
Hi list Could anyone weight in on or point me to a resource which confirms whether a single host can be used for the honeywall and honeypot systems or if it is recommended to have separate physical machines for each and why.
Mike, If you are referring to the Honeynet Project's Honeywall CDROM, this is intended to be a dedicated data capture / control host, using layer 2 ethernet bridging, so you would need separate host(s) for your honeypots. However, if hardware availability is an issue, you can run VMWare (or similar VM software) on a single host and then use multiple virtual machines for your Honeywall, honeypots, etc. There are a number of howto's available for such configurations (see http://www.honeynet.org for more info). Separating is for security - if a honeypot is compromised, you want to avoid the attacker being able to escalate their privileges and compromise your underlying data capture / control infrastructure too. Separate physical servers is best, as virtualisation technologies do bring some associated risks, but many people do use such configurations (at least for development and testing). Hope that helps. Thanks, David -- David Watson UK Honeynet Project www.ukhoneynet.org david () honeynet org uk
Current thread:
- honeywall/pot on same host Mike Gilligan (Sep 27)
- Re: honeywall/pot on same host David Watson (Sep 27)
- <Possible follow-ups>
- RE: honeywall/pot on same host William Woodhams (Sep 27)