Huong Dan Cai Dat Honeynet (Honeynet Installation Guide), 7/21/2019
Figure 1. General Architecture
1- Configure Honeywall:
Booting Up
1. Start the Honeywall Virtual Machine and boot it with the Honeywall CDROM. The boot loader with The Honeynet Project splash screen should appear. At this point the system will go into a pause, letting you interact with the installation process. If you press the Enter button, the system will overwrite the existing hard drive and begin the installation process.
Hit Enter to install.
Once the installation begins it is a fully automated process; there is no need to interact with the installation from this point on.
After the installation is complete, the system will automatically reboot. When it reboots, alter the boot order (to hard drive first, then CD) or take the CDROM out to prevent another install cycle from beginning. After the system reboots, your installation is complete and you will be presented with a command line login prompt. Your hard drive now has a minimized and hardened Fedora Core operating system with Honeywall functionality. At this point you can login and begin the standard configuration process. The Honeywall comes with two default system accounts, roo and root. Both share the same default password honey, which you will want to change right away. You cannot login as root, so you will have to login as roo then su -.
2. First Login Message
When you login to Honeywall for the first time, it gives an alert saying that your Honeywall is not yet configured and recommends using the Honeywall Configuration option on the main menu. Select OK to proceed.
3- Honeywall Configuration: The Main menu allows you to go through Honeywall Configuration. Select the Honeywall Configuration option from the Main Menu and hit Enter.
4- Limitation of Liability Message
The Limitation of Liability message appears before proceeding with the installation. There are risks involved in Honeynet as well as Virtual Honeynet deployment. As we are deploying a Virtual Honeynet, there can be risks involved in it. If an attacker is able to compromise the operating system on which the virtualization software is running, he would be able to control the whole system. Secondly, if an attacker compromises the system in your Virtual Honeynet, he may be able to detect that the system is running in a virtual environment. You might want to try the VMware Fingerprinting Counter Measure tool developed by the French Honeynet Project, which makes VMware detection difficult by modifying the device names, PCI vendor, and device ID. You can reference the Know Your Enemy: Honeynets paper for learning more about the risks. Read and click Yes for the acknowledgement.
Links referenced above:
http://honeynet.rstack.org/tools/vmpatch.c
http://honeynet.rstack.org/
http://www.honeynet.org/papers/honeynet/
http://www.securityfocus.com/archive/119/349385
5- Initial Setup Method
The Initial Setup Method menu allows you to select the installation method. It provides three methods for configuring the Honeywall: Floppy, Defaults, and Interview.
Floppy method fetches the Honeywall configuration (honeywall.conf) from the floppy disk. This method is used for deploying a large number of Honeywalls faster.
Defaults method restores the Honeywall to the factory default configuration. This uses the default honeywall.conf configuration file that comes with the system.
Interview method asks you a series of questions for configuring the Honeywall. If you are configuring Honeywall for the first time, it is recommended to use this option.
Select Interview and hit Enter.
Default honeywall.conf: http://www.honeynet.org/tools/cdrom/roo/manual/txt/honeywall.conf
Read the Initial Setup message and hit Enter to proceed.
6- Honeynet Public IP Addresses
Type the public IP addresses for the honeypots. These are the IP addresses which attackers will attack. Hit Enter to proceed.
Type the Honeynet network in CIDR (Classless Inter-Domain Routing) notation. Hit Enter to proceed.
Type the broadcast address for the honeypots' public IP addresses. Hit Enter to proceed.
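The three answers above (honeypot IPs, the honeynet CIDR block, and the broadcast address) have to agree with each other, and the wizard does not cross-check them. The following added example (not part of the guide or of the Honeywall software) validates a set of constructed answers with Python's standard ipaddress module before you type them in; the sample addresses are made up for illustration.

```python
import ipaddress

# Constructed sample answers to the three prompts (not taken from the guide).
HONEYPOT_IPS = ["192.0.2.10", "192.0.2.11"]
HONEYNET_CIDR = "192.0.2.0/24"
BROADCAST = "192.0.2.255"


def check_honeynet_addressing(honeypot_ips, cidr, broadcast):
    """Return a list of problems; an empty list means the three answers agree."""
    problems = []
    try:
        # strict=True: the CIDR must name a network, i.e. host bits must be zero.
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR {cidr!r}: {exc}"]

    seen = set()
    for raw in honeypot_ips:
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            problems.append(f"invalid honeypot IP {raw!r}")
            continue
        if ip in seen:
            problems.append(f"honeypot {ip} listed twice")
        seen.add(ip)
        if ip not in net:
            problems.append(f"honeypot {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"honeypot {ip} is the network or broadcast address of {net}")

    try:
        bcast = ipaddress.ip_address(broadcast)
    except ValueError:
        return problems + [f"invalid broadcast address {broadcast!r}"]
    if bcast != net.broadcast_address:
        problems.append(f"broadcast {bcast} should be {net.broadcast_address}")
    return problems


if __name__ == "__main__":
    for problem in check_honeynet_addressing(HONEYPOT_IPS, HONEYNET_CIDR, BROADCAST):
        print("problem:", problem)
    print("check finished")
```

A honeypot address outside the CIDR block, or a broadcast address that does not match the block, would leave the Honeywall bridging traffic it never filters or logs, so catching this before the reboot is cheaper than debugging it afterwards.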
7- Select OK to proceed configuring remote management.
8- Management Interface
The third interface will be used for remote management. You will be able to remotely manage your Honeywall through SSH and the Walleye web interface.
Select Yes to configure the management interface.
Honeywall will automatically detect eth2 as the management interface. Hit Enter to proceed.
Type the IP address of the management interface and hit Enter.
Type the network mask of the management interface IP and hit Enter.
Type the default gateway for the management interface IP and hit Enter.
Type the DNS domain for the management IP and hit Enter.
Type the IP addresses of the DNS server that the management interface will use and hit Enter.
Select Yes to activate the management interface.
Select Yes to start the management interface on next boot.
9- Configure SSH
Select Yes to configure SSH.
Type the port on which you want SSHD to listen and hit Enter. By default it listens on port 22.
Type in the user name you want to remotely login with. Hit Enter.
Select Yes to change the new user's password.
Type in the new password and hit Enter. It will ask you to enter it again for confirmation.
Hit Enter to proceed.
Select Yes to change root's password.
Type in the new password and hit Enter. It will ask you to enter it again for confirmation.
Hit Enter to proceed.
The SSHD autostart option lets you enable or disable the automatic startup of SSHD at boot. Select Yes to enable SSH at startup and hit Enter.
Enter a space-delimited list of IP addresses or networks that can access the management interface. It is recommended to allow specific trusted IP addresses for managing the Honeywall. Type the IP address and hit Enter.
Select Yes to enable Walleye Web
Restrict the firewall from making any outbound connections. Select Yes and hit Enter.
Specifically enter the TCP ports you want to allow for outbound connections from the management interface. Type the ports and hit Enter.
Enter the UDP ports you want to allow for outbound connections from the management interface. Type the ports and hit Enter.
10- Select OK to proceed configuring outbound control limits.
11- Configure Outbound Connection Limits
As you know, typically we allow anything inbound to the honeypots, but limit outbound connections. The connection limiting menu will let you set the limit for outbound connections, so that once a limit has been met for outbound connections, all further attempts are blocked, preventing the compromised honeypot from harming other systems. The connection limiting option gives you five scales for limiting outbound connections.
Second: a per-second time scale will be applied to the connection limit.
Minute: a per-minute time scale will be applied to the connection limit.
Hour: a per-hour time scale will be applied to the connection limit.
Day: a per-day time scale will be applied to the connection limit.
Month: a per-month time scale will be applied to the connection limit.
For example, if you set the TCP limit to N outbound connections per hour, this will allow an attacker to make N TCP outbound connections in an hour. Once this limit is reached, he won't be able to make any more connections. The limit will be reset after an hour. Type the scale and hit Enter.
Enter the limit for TCP outbound connections and hit Enter.
Type the limit for UDP outbound connections and hit Enter.
Type the limit for ICMP outbound connections and hit Enter.
Type the limit for outbound connections of other protocols and hit Enter.
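To make the behaviour of the four limits and the time scale concrete, here is an added example (it is not the guide's or the Honeywall's own code, which enforces this with iptables) that simulates the data-control rule described in section 11: per honeypot and per protocol, at most the configured number of new outbound connections is allowed within one window of the chosen scale, everything after that is blocked, and the counter resets when the next window starts. The limit values, the honeypot address and the connection attempts are constructed for the demonstration; the month scale is taken as 30 days, which is an assumption of the example.

```python
from collections import defaultdict

# The five time scales the wizard offers, in seconds (month assumed to be 30 days here).
SCALES = {"second": 1, "minute": 60, "hour": 3600, "day": 86400, "month": 30 * 86400}


class OutboundLimiter:
    """Counts new outbound connections per honeypot and protocol within the
    current window of the chosen scale; once the limit is met, further attempts
    are blocked until the next window starts. Timestamps are expected to arrive
    in non-decreasing order, as they do when reading a live connection stream."""

    def __init__(self, scale, limits):
        self.window = SCALES[scale]
        self.limits = limits  # e.g. {"tcp": 20, "udp": 10, "icmp": 30, "other": 10}
        self.counts = defaultdict(int)  # (honeypot, proto, window index) -> count

    def allow(self, honeypot, proto, now):
        """Return True if a new connection at time `now` (seconds) is permitted."""
        proto = proto if proto in self.limits else "other"  # anything not TCP/UDP/ICMP
        window = int(now // self.window)
        key = (honeypot, proto, window)
        # Counters from earlier windows are never consulted again: drop them.
        for old in [k for k in self.counts if k[2] < window]:
            del self.counts[old]
        if self.counts[key] >= self.limits[proto]:
            return False  # limit met for this window: blocked
        self.counts[key] += 1
        return True


def replay(limiter, attempts):
    """Apply the limiter to (timestamp, honeypot, proto) tuples, returning one
    verdict per attempt in order."""
    return [limiter.allow(hp, proto, ts) for ts, hp, proto in attempts]


# Constructed sample: one honeypot opening a TCP connection every ten minutes
# (six attempts inside the first hour), then one more in the next hour.
SAMPLE_ATTEMPTS = [(t, "192.0.2.10", "tcp") for t in range(0, 3600, 600)]
SAMPLE_ATTEMPTS.append((3700, "192.0.2.10", "tcp"))
SAMPLE_LIMITS = {"tcp": 5, "udp": 10, "icmp": 10, "other": 5}


if __name__ == "__main__":
    verdicts = replay(OutboundLimiter("hour", SAMPLE_LIMITS), SAMPLE_ATTEMPTS)
    for (ts, hp, proto), ok in zip(SAMPLE_ATTEMPTS, verdicts):
        print(f"t={ts:5d}s {hp} {proto}: {'allowed' if ok else 'BLOCKED'}")
```

With an hourly scale and a TCP limit of 5, the first five attempts pass, the sixth is blocked, and the attempt at 3700 s falls into the next window and passes again, which is exactly the reset the guide describes. Protocols that are neither TCP, UDP nor ICMP fall under the "other" limit.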
12- Configure Snort Inline
Snort Inline lets you drop, reject, and replace known attacks.
Select Yes to configure the firewall to send packets to snort inline and hit Enter.
Select the action you want snort inline to take on packets that match the rules. Select Drop and hit Enter.
13- Configure Filtering
Honeywall offers various packet filtering features, which provide further data control capabilities.
Black list: Drops IP addresses and CIDR blocks without logging.
White list: Allows IP addresses and CIDR blocks without logging.
Fence list: Protects IP addresses and CIDR blocks from any honeypots getting access to them.
Roach motel: Disallows all outbound traffic from honeypots.
Type the name of the file containing the blacklist and hit Enter.
Type the name of the file containing the whitelist and hit Enter.
Select Yes to enable Black list and White list filtering and hit Enter.
Type the name of the file containing the fencelist and hit Enter.
Let's not enable the Fence list for now. Select No to disable Fence list filtering and hit Enter.
Let's not enable Roach motel either. Select No to disable Roach motel mode blocking and hit Enter.
14- Select OK to proceed configuring the DNS activity of the honeypots.
15- Configure Honeypots DNS Activity
DNS limiting lets you configure the DNS access for your honeypots. You wouldn't want your honeypots to make unlimited DNS connections anywhere.
Let's allow honeypots to have unlimited DNS access. Select Yes and hit Enter.
Let's not restrict specific honeypots to having unlimited access to an external DNS server. Select No and hit Enter.
But let's restrict honeypots to having unlimited access only to specific external DNS servers. Select Yes and hit Enter.
Type the DNS servers to which you want the honeypots to have unlimited access. Select Yes and hit Enter.
16- Select OK to proceed configuring remote alerting.
17- Configure Remote Alerting
Email alerts will notify you when someone breaks into your honeypots.
Select Yes to enable email alerts and hit Enter.
Enter an email address to receive alerts and hit Enter.
Select Yes to enable alerting to start automatically at boot and hit Enter.
18- Configure Sebek Variables
Sebek is a data capture tool designed to capture the attacker's activities on a honeypot. It has two components. The first is a client that runs on the honeypots; its purpose is to capture all of the attacker's activities (keystrokes, file uploads, passwords) and then covertly send the data to the server. The second component is the server, which collects the data from the honeypots. The server normally runs on the Honeywall gateway. The new
Select Accept and Log and hit Enter.
19- Finishing Up
Enter the hostname of your Honeywall and hit Enter.
Congratulations! You have just finished the Honeywall setup. Select OK to reboot the system.
You will see Honeywall loading various services.
Once the services are loaded, the configuration menu will appear.
20- Maintaining the Honeywall (Important)
After Honeywall is installed, the key issue is to maintain it properly. The new Honeywall gives you three options for configuring and maintaining your installation.
Dialog Menu: It is the classic interface to administering the Honeywall CDROM. The new version is very similar to the older one, except it has new features added. We have already configured our Honeywall using the Dialog Menu in the previous steps. It can be loaded by typing menu on the shell.
menu
HWCTL: It is a powerful command line utility that allows you to configure the system variables used by various programs, with the ability to stop and start services. The advantage with this tool is that you can simply modify the behavior of the system at the command line via local or SSH access. Following are some examples taken from the man page.
Show all variables currently set, in NAME=VALUE form:
hwctl -a
Just print on standard output the value of HwHOSTNAME:
hwctl -n HwHOSTNAME
Set all four connection rate limits and restart any services that depend on these variables:
hwctl -r HwTCPRATE=20 HwUDPRATE=10 HwICMPRATE=30 HwOTHERRATE=10
Load a complete new set of variables from /etc/honeywall.conf and force a stop before changing values, and a start afterwards:
hwctl -R -f /etc/honeywall.conf
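Since hwctl -R reloads everything from /etc/honeywall.conf, a broken or contradictory file is the most common way to leave the Honeywall in a state where its data-control limits are not what you think. The added example below (not the guide's or the Honeywall's code) parses a constructed honeywall.conf fragment in shell-style NAME=VALUE form, which is what the "hwctl -a" listing above shows, flags duplicate assignments and non-numeric values for the four rate-limit variables named in the hwctl examples (HwTCPRATE, HwUDPRATE, HwICMPRATE, HwOTHERRATE), and reproduces the NAME=VALUE listing. That quoted values and "#" comments appear in the file is an assumption of the example; the sample contents are constructed.

```python
import re

# Rate-limit variables named in the hwctl examples of the guide.
RATE_VARS = ("HwTCPRATE", "HwUDPRATE", "HwICMPRATE", "HwOTHERRATE")
ASSIGN = re.compile(r'^([A-Za-z_][A-Za-z0-9_]*)=(.*)$')


def parse_honeywall_conf(text):
    """Parse shell-style NAME=VALUE lines into a dict.

    Blank lines and '#' comment lines are skipped; surrounding quotes are
    stripped from values. Returns (variables, errors); the last assignment of a
    duplicated name wins, as it would for a shell that sources the file, but
    the duplicate is reported so it can be cleaned up.
    """
    variables, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ASSIGN.match(line)
        if not m:
            errors.append(f"line {lineno}: not a NAME=VALUE assignment: {raw!r}")
            continue
        name, value = m.group(1), m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        if name in variables:
            errors.append(f"line {lineno}: {name} assigned twice")
        variables[name] = value
    return variables, errors


def check_rates(variables):
    """Flag rate-limit variables that are missing or not non-negative integers."""
    errors = []
    for name in RATE_VARS:
        value = variables.get(name)
        if value is None:
            errors.append(f"{name} is not set")
        elif not value.isdigit():
            errors.append(f"{name}={value!r} is not a non-negative integer")
    return errors


def show_all(variables):
    """NAME=VALUE listing, one per line, like the guide's 'hwctl -a'."""
    return "\n".join(f"{name}={value}" for name, value in sorted(variables.items()))


# Constructed honeywall.conf fragment for this example (not the project's file).
SAMPLE_CONF = """\
# constructed fragment: two deliberate mistakes below
HwHOSTNAME="roo"
HwTCPRATE=20
HwUDPRATE=10
HwICMPRATE=30
HwOTHERRATE=ten
HwTCPRATE=5
"""


if __name__ == "__main__":
    variables, errors = parse_honeywall_conf(SAMPLE_CONF)
    for err in errors + check_rates(variables):
        print("error:", err)
    print(show_all(variables))
```

On the sample the parser reports the second HwTCPRATE assignment and the non-numeric HwOTHERRATE, which is the kind of mistake that hwctl -R would otherwise apply silently.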
Walleye: It is the GUI web based interface called Walleye. The Honeywall runs a webserver that can be remotely connected to over a connection on the management interface. This GUI allows the user to configure and maintain the system using a simple point and click approach. It has an expanding menu making it easy to access and visualize all the information. It also comes with more in-depth explanations of the different options. It also has different roles, allowing organizations to control who can access what through the GUI depending on the role they have been assigned. The primary advantage of Walleye is that it is much easier to use than the other two options. The disadvantage is that it cannot be used locally, but requires a 3rd network interface on the Honeywall used for remote connections. The web-based GUI currently supports either Internet Explorer or Firefox browsers.
Let's launch the browser and point it to the management interface IP address, https://managementip.
Login with User Name: roo and Password: honey.
When you login to Walleye for the first time, it will ask you to change the password.
The Data Analysis interface will be displayed after you have successfully logged in.
The System Admin interface lets you manage your Honeywall through the Web.
2- Installing and configuring Sebek
Installation on the honeypots
We install the Sebek client on the honeypots in order to collect the hacker's actions on each honeypot.
Installing the Sebek client on the WINDOWS operating system: download the file Sebek-Win32-3.0.4.zip
- Extract the downloaded file and run the installer Setup.exe
- After the installation finishes, configure it through the Configuration Wizard.exe
Installing the Sebek client on the LINUX operating system (RED HAT 9.0): download the file sebek-linux-3.0.3.tar.gz
- Perform the installation:
tar -zxf sebek-linux-3.0.3.tar.gz
cd sebek-linux-3.0.3
./configure
make
make install
- The installation process creates the file sebek-linux-3.0.3-bin.tar; continue the installation with:
tar -xf sebek-linux-3.0.3-bin.tar
cd sebek-linux-3.0.3-bin
- To start the installation, run the shell script sbk_install.sh:
./sbk_install.sh
Note: Before running the sbk_install.sh shell script, we must edit the contents of this file according to the installation parameters for the Sebek client.
- Configuration: Below are some basic parameters used to configure the Sebek client.
* Configuration on Linux:
----- DESTINATION_IP: ---------- sets destination IP for sebek packets -----
DESTINATION_IP=<value not recoverable from the source>
This address must match the address declared for Sebek when configuring the Honeywall.
----- DESTINATION_MAC: ---------- sets destination MAC addr for sebek packets -----
DESTINATION_MAC=<value not recoverable from the source>
* Configuration on Windows:
Figure 2.11 - Configuring the Sebek client on Windows