Honeypot Deployment for Educational Purposes at one University in Northern Luzon, Philippines
Abstract
All over the world, networks of all sizes are under attack daily. Modern firewalls, intrusion detection systems (IDS) and other detection and prevention tools are used to defend networks against these malicious attacks. Traditionally, these tools were designed and built based on information from past attempts at breaking into a system, and from stolen data. A different tool, the honeypot, was developed to capture the information needed to improve the design of a firewall, IDS, anti-malware application or any other security solution. It is designed to reduce or eliminate the need for a system breach in order to learn the intentions, tools and procedures hackers use to penetrate a system. A honeypot simply replicates a real network, populated with fake data that a hacker will attempt to steal. This paper analyzed the concept of the honeypot, with its functions and technology, which is becoming not just an important component in a layered system of protection against intrusions but also a valuable simulation resource for teaching security concepts in academic institutions like the University of Luzon. Moreover, it implemented a Windows-based honeypot as an additional learning tool for the teachers and students of the university's information security courses. Using combined criteria consisting of detection scope, emulation accuracy, quality of collected data, scalability and performance, reliability, extensibility, ease of use and setup, embeddability, support and cost, the study deployed a low-interaction, server-side honeypot appropriate for educational purposes at the University of Luzon. Furthermore, it presented the honeypot's configuration and deployment requirements and highlighted its features and functionality as an additional security tool by simulating attacks with vulnerability assessment and penetration testing tools including Kali Linux and Nessus.