Jan 17 2013

HoneyDrive review by a honeypot enthusiast

Long time BruteForce Lab’s Blog reader and commenter “Black September” has written a very nice review on HoneyDrive which was posted as a comment. I took the liberty to share it with you more properly here:

Im mostly used to running High Interaction honeypots, they can be a fantastic source of information, but takes a lot of time configuring, monitoring and also a certain amount of risk. A honeynet of HI honeypots is not something i would recommend to beginners or to people with very little time on their hands.

I first tested HoneyDrive last year, in the end of november. when BruteForce Labs released the 0.1 version. My first impression of this simple to use and easy to manage distro totally changed my conception about medium and low interaction honeypots (http://bruteforce.gr/honeydrive#comment-2819).

The 0.1 version did not have any GUI options. This is not something im bothered about, but Ion actually pointed something very important out to me: “Most honeypots are not very easy to setup for the beginner infosec enthusiast or the new sysadmin and many times the process ends in frustration”. Thinking back on my first crash-and-burn-attempts i can only agree.

The HoneyDrive Santa Edition came out during christmas, this time they added a GUI – yes, you still gonna have to bring out the command line to do certain things, but there is also a myriad of tools that is managed trough an easy to use interface.

The learning curve for honeypots/honeynets is steep and long for a beginner. What BruteForce Labs have managed to do with the HoneyDrive releases is to make it more comprehensible and less steep for those who willing to learn.

Honeypots can be both tun and educating, just keep this in mind: you are inviting the attackers into YOUR network, even with medium and low interaction honeypots there is a risk of the attacker breaking out your virtual machine and getting a foothold. Treat the host machine as compromised and keep it segregated from your “real” network.

1aN0rmus over at TekDefense.com gave a really good and accurate description of the HoneyDrive:
“As Backtrack is to offense, and The Security Onion is to defense, HoneyDrive is the premier honeypot distro.”

I gave the first release of HoneyDrive 10/10, something i now regret.
Every new release of HoneyDrive is even better than the last one and i believe BruteForce Labs will keep impressing us in the future. Once again: thanks a million for all the hard work you put down!

HoneyDrive, you gotta love this!! 😀

More in Blog News
HoneyDrive 0.2 OVA file now available!
HoneyDrive 0.2 Nectar edition released!
FAQ added to HoneyDrive’s page
HoneyDrive review by TekDefense
A small fix in HoneyDrive’s README.txt