
Deployment of Honeypot for the Detection and Prevention of Systems Attacks

Table of Contents
Objective
Requirement analysis
Product comparison

Objective
As a financial organization Ltd has numerous online-based services. In order to find cyber security vulnerabilities and protect
these systems, we want to implement a network deceptor. A network deceptor, also known as a honeypot, will entice an
attacker to compromise fake information systems and minimize the risks of attacks on IT systems and networks. Moreover,
we want to use honeypots to analyze the ways attackers try to compromise our information systems and to gain valuable
insights into potential system loopholes.

A honeypot is a deception tool, designed to entice an attacker to compromise the information systems of an organization. A
honeypot can serve as an early-warning and an advanced security surveillance tool. It can be used to minimize the risks of
attacks on IT systems and networks. Honeypots can also be used to analyze the ways attackers try to compromise an
information system and to provide valuable insights into potential system loopholes.

The main objectives of the honeypot are:

1. We can identify vulnerable systems and take action to fix them.
2. We can observe hackers in action and learn about their behavior.
3. Gather intelligence on attack vectors, malware, and exploits.
4. Create profiles of hackers that are trying to gain access to the systems.
5. Improve security posture.
6. Waste hackers' time and resources.

Requirement analysis
The services for which we need to deploy honeypots are:

1. SSH and Telnet
2. RDP
3. HTTP
4. HTTPS
5. FTP
6. SMTP
7. SNMP

Product comparison

A comparison of various honeypots is given below:

Platform Support | Services supported | Log file Support | Notification Capability | Open Source
tpotce | SSH, Telnet, RDP, SMTP, SIP, TCP and UDP | | |
Cowrie | SSH and Telnet | Yes, it encapsulates shell attacks like login attempts and remote file downloads | Session logs are stored in a UML-compatible format for easy replay with the bin/playlog utility. | Yes
RDPY | RDP | | |
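
The profiling goal in objectives 2 to 4, applied to the login attempts and remote file downloads listed for Cowrie above, shown as an added example that is not part of the original document or of Cowrie itself. It assumes Cowrie's JSON event log (one object per line with eventid, src_ip, session, username, password, url and shasum fields); the sample events, the function names and the threshold of 3 are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample events shaped like Cowrie's JSON log; not real attacker data.
SAMPLE_LOG = """\
{"eventid": "cowrie.login.failed", "src_ip": "192.0.2.10", "session": "s1", "username": "root", "password": "123456"}
{"eventid": "cowrie.login.failed", "src_ip": "192.0.2.10", "session": "s1", "username": "admin", "password": "admin"}
{"eventid": "cowrie.login.failed", "src_ip": "192.0.2.10", "session": "s2", "username": "root", "password": "toor"}
{"eventid": "cowrie.login.success", "src_ip": "198.51.100.7", "session": "s3", "username": "root", "password": "root"}
{"eventid": "cowrie.session.file_download", "src_ip": "198.51.100.7", "session": "s3", "url": "http://example.invalid/a.sh", "shasum": "PLACEHOLDER-SHA256"}
{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.5", "session": "s4", "username": "pi", "pass
"""


def build_profiles(lines):
    """Aggregate honeypot events into one profile per source IP."""
    profiles = defaultdict(lambda: {"sessions": set(), "failed": 0, "success": 0,
                                    "credentials": set(), "downloads": set()})
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or corrupt line: skip it, do not abort the run
        ip = event.get("src_ip") if isinstance(event, dict) else None
        if not ip:
            continue
        profile, eventid = profiles[ip], event.get("eventid", "")
        profile["sessions"].add(event.get("session"))
        if eventid in ("cowrie.login.failed", "cowrie.login.success"):
            profile["failed" if eventid.endswith("failed") else "success"] += 1
            profile["credentials"].add((event.get("username"), event.get("password")))
        elif eventid == "cowrie.session.file_download":
            profile["downloads"].add((event.get("url"), event.get("shasum")))
    return dict(profiles)


def triage(profiles, brute_threshold=3):
    """Tag each source for analyst review; the threshold of 3 is an assumption."""
    rules = (("password-guessing", lambda p: p["failed"] >= brute_threshold),
             ("interactive-session", lambda p: p["success"] > 0),
             ("payload-download", lambda p: bool(p["downloads"])))
    return {ip: [tag for tag, hit in rules if hit(p)] for ip, p in profiles.items()}


if __name__ == "__main__":
    found = build_profiles(SAMPLE_LOG.splitlines())
    for ip, labels in triage(found).items():
        print(ip, labels, len(found[ip]["credentials"]), "credential pairs tried")
```

The truncated last sample line is skipped, so a log file cut off mid-write does not stop the summary.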
