Honeypots mailing list archives

Re: honeywall/pot on same host


From: David Watson <david () honeynet org uk>
Date: Wed, 27 Sep 2006 15:55:20 +0100

Mike Gilligan wrote:
> Hi list
> Could anyone weigh in on or point me to a resource which confirms
> whether a single host can be used for the honeywall and honeypot systems
> or if it is recommended to have separate physical machines for each and
> why?

Mike,

If you are referring to the Honeynet Project's Honeywall CDROM, this is
intended to be a dedicated data capture / control host, using layer 2
ethernet bridging, so you would need separate host(s) for your honeypots.

However, if hardware availability is an issue, you can run VMware (or
similar VM software) on a single host and then use multiple virtual
machines for your Honeywall, honeypots, etc. There are a number of
howtos available for such configurations (see http://www.honeynet.org
for more info).

Separating is for security - if a honeypot is compromised, you want to
avoid the attacker being able to escalate their privileges and
compromise your underlying data capture / control infrastructure too.
Separate physical servers are best, as virtualisation technologies do
bring some associated risks, but many people do use such configurations
(at least for development and testing).

Hope that helps.

Thanks,

David

-- 
David Watson
UK Honeynet Project
www.ukhoneynet.org
david () honeynet org uk

