The project started as a way for me to figure out how to implement a honeypot on a server. I eventually settled on using T-Pot as my open-source honeypot of choice due to its support for a wide variety of platforms and its comprehensive dashboard. In order to securely host the honeypot, I spun up a virtual Debian 11 instance using AWS EC2.
Pre-requisites:
- AWS account (to spin up EC2 instance)
- Git (to pull the GitHub repo)
- SSH client (in my case, Terminal)
Timeline:
- To begin, I spun up an EC2 instance purely meant to host the honeypot. Security considerations meant that a remote, virtual server via cloud services, separate from any local instance, was the best option. Using the recommended instance type and RAM requirements, I created the instance from a Debian 11 image and configured firewall rules to allow malicious actors to "attack" the system.
- Next, using my Terminal, I SSH-ed into my instance using the key pair created earlier.
- On my virtual machine, I then pulled the T-Pot GitHub repository and installed the honeypot on the machine. These were the commands used:

```shell
# Refresh package lists and install git so the repository can be cloned
sudo apt update -y
sudo apt install git -y
# Fetch T-Pot and run its installer in the standard "user" mode
git clone https://github.com/telekom-security/tpotce
cd tpotce/iso/installer/
sudo ./install.sh --type=user
```
- Following the T-Pot installation instructions, I set up the honeypot platform on the Debian instance.
- Once installed, I could access the dashboard locally on the machine. Here are some of the features available in T-Pot:
The attack map allows administrators to see the source of the attacks on the honeypot (though the locations are likely spoofed).
The comprehensive dashboard summarises the attacks on the honeypot:
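The firewall rules from the first step are the easiest part of this setup to get wrong: the honeypot ports must be open to everyone, while T-Pot's own management ports must not be. The following Python is an added example, not code from this post or from the T-Pot project; it builds the security-group ingress spec in the shape boto3's EC2 client expects and checks that no management port is reachable from a wide range. The ports 64295 (relocated SSH) and 64297 (web dashboard) are assumed from T-Pot's defaults and should be verified against the installed version; the admin address and honeypot port list are constructed sample values.

```python
"""Build and sanity-check EC2 security-group ingress rules for a T-Pot host."""
from ipaddress import ip_network

ANYWHERE = "0.0.0.0/0"
# Assumed T-Pot management ports: the installer moves the real SSH daemon to
# 64295 and serves the dashboard on 64297 (verify for the version installed).
ADMIN_PORTS = {64295, 64297}
MAX_PORT = 65535


def ingress_rule(from_port, to_port, cidr, proto="tcp"):
    """One entry in the IpPermissions format used by authorize_security_group_ingress."""
    return {"IpProtocol": proto, "FromPort": from_port, "ToPort": to_port,
            "IpRanges": [{"CidrIp": cidr}]}


def build_rules(admin_cidr, honeypot_ports):
    """Admin ports only from admin_cidr; each honeypot port open to the world."""
    rules = [ingress_rule(p, p, admin_cidr) for p in sorted(ADMIN_PORTS)]
    rules += [ingress_rule(p, p, ANYWHERE) for p in honeypot_ports]
    return rules


def exposed_admin_ports(rules):
    """Return admin ports reachable from any range wider than a single host.

    Catches the shortcut of opening 0-65535 (or all protocols, "-1") to
    0.0.0.0/0 so attackers can reach the honeypot, which silently exposes
    the dashboard and the real SSH port as well.
    """
    exposed = set()
    for rule in rules:
        wide = any(ip_network(r["CidrIp"]).num_addresses > 1
                   for r in rule.get("IpRanges", []))
        if not wide:
            continue
        if rule["IpProtocol"] == "-1":          # "all traffic" rules carry no ports
            low, high = 0, MAX_PORT
        else:
            low, high = rule["FromPort"], rule["ToPort"]
        exposed.update(p for p in ADMIN_PORTS if low <= p <= high)
    return exposed


if __name__ == "__main__":
    # Constructed sample values: the admin's address and a few honeypot ports.
    rules = build_rules("203.0.113.10/32", [22, 23, 80, 443, 3306])
    print("exposed admin ports:", exposed_admin_ports(rules) or "none")
    # `rules` can be passed as IpPermissions to
    # boto3.client("ec2").authorize_security_group_ingress(GroupId=..., IpPermissions=rules)
```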
Thoughts:
- This exercise allowed me to explore more amazing open-source tools in the world of security, this time with a common defense tactic: honeypots.
- Furthermore, I was able to practice the setting up and configuration of EC2 instances.
Thank you for reading!🍯