Educause Security Discussion mailing list archives

Re: Honeypot policy


From: Jeff Kell <jeff-kell () UTC EDU>
Date: Sun, 19 Jan 2014 22:05:25 -0500

On 1/19/2014 7:50 PM, John C. A. Bambenek, GCIH, CISSP wrote:
> I am grappling with security policy concerns with having honeypots on
> a campus network (DMZ). This is for research and a security class.  Do
> you allow these on your campus networks or require them on external
> provider/ISPs? If on campus, how did you deal with the policy issues?

Our network security group operates several such hosts, as well as a
"Darknet" space, which are within our public IP space, but internally
isolated from the campus network.

We also have a lab setup for what used to be the Advanced Network
Security lab (we call it the "virus lab"), which is used by a couple of
classes/instructors.  It is on an isolated VRF to separate it from the
campus network; it is then tunneled to our border, and operates on a
separate IP block from one of our commodity providers.  It is
essentially unfiltered (bypasses our ACLs, IPS, and other protections),
but restricted to commodity IPv4 access (no Internet2, etc.).

Jeff
