<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
  <channel>
    <title>Defensive Security on heapspray.io - a plethora of infosec garbage</title>
    <link>https://heapspray.io/categories/defensive-security/</link>
    <description>Recent content in Defensive Security on heapspray.io - a plethora of infosec garbage</description>
    <generator>Hugo -- 0.152.2</generator>
    <language>en-us</language>
    <lastBuildDate>Sat, 03 May 2008 00:00:00 +0000</lastBuildDate>
    <atom:link href="https://heapspray.io/categories/defensive-security/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>A honeypot solution from start to finish</title>
      <link>https://heapspray.io/posts/a-honeypot-solution-from-start-to-finish/</link>
      <pubDate>Sat, 03 May 2008 00:00:00 +0000</pubDate>
      <guid>https://heapspray.io/posts/a-honeypot-solution-from-start-to-finish/</guid>
      <description>&lt;p&gt;&lt;strong&gt;Operating System and tools&lt;/strong&gt;
Pick an operating system with which you&amp;rsquo;re comfortable. A lot of *nix
junkies out there will heckle you about which distro is best,
especially when it comes to running security tools; and whilst I agree
with the principle that a good solid distro will improve your
machine&amp;rsquo;s robustness and prevent a malicious attacker from turning
your security tools against you, let&amp;rsquo;s be realistic: there isn&amp;rsquo;t a
single distro, operating system or device out there that can&amp;rsquo;t be
exploited. This is not always due to the shortcomings of the
developer, or administrator, or what have you: it is the result of a
complex balance between security, functionality, communication and
logistics. So what I say is, pick *one* distro and get to know it
very well. Make sure it can be patched on a regular basis and that any
remote communication you set up with it is secured (encrypted, with a
long password or certificate for authentication). For this example,
I&amp;rsquo;m going to use an Ubuntu box, honeyd, swatch and ruby to set up the
honeypot and monitoring systems.&lt;/p&gt;</description>
    </item>
  </channel>
</rss>
