Monday, October 29, 2007

Information about the Honey Pot

Several people have asked for more information about our honey pot. We have deployed it directly connected to the Internet, serving a nondescript basic webpage. As a result, it is exposed to every computer probe and attack that finds its way to our IP. We are using turnkey cyber center software from Black Lab Security Systems that monitors and protects a standard workstation or server used as a honey pot. We do our best to protect the IP address of the honey pot to preserve the integrity of what is detected. Cyber-probes and -attacks can be monitored in near-real time and quickly analyzed from the forensic evidence gathered.

In simplest terms, enterprises would benefit from using a honey pot on company-registered IPs to analyze which probes and attacks are (1) finding enterprise systems directly connected to the Internet, (2) intruding into the enterprise's demilitarized zone (DMZ), and (3) intruding into the enterprise's internal network or intranet.

Internal Network
Attacks on the internal network are the most serious, and immediate action should be considered. Attacks, scans, and probes can come from both internal sources (e.g., the insider threat) and external ones.
