Towards Simulating a Virtual Distributed Honeynet at KFUPM: A Case Study

In recent years, there has been a growing interest in information protection and security for large organizations. This has led to a growing demand for more aggressive forms of security to complement the existing techniques. One of these security methods involves the use of distributed honey nets. Honey nets are network systems deployed for the sole purpose of being compromised, in order to assess adversaries. In this paper, we conduct a comprehensive survey for implementing distributed honey nets and explain their architecture and design. We also present our experience in simulating a virtual distributed honey net environment at King Fahd University of Petroleum and Minerals (KFUPM) using Honey wall CDROM, Snort and Sebek tools. Our experience shows that Honey wall CDROM proved to be a solid tool that is capable of capturing great deal of information and assisting in analyzing traffic on the distributed honey pots. The honey net designer, nevertheless, needs to consider few issues related to scalability and resource utilization.