I had the opportunity to speak at CarlinaCon 13 on HoneyPy and HoneyDB. The talk also made for a great opportunity to release a cool new in HoneyDB. It also gave me a deadline to force me to complete the new feature :-). So what is this new feature? Read on…
Update (5/24/2017): link to slides from CarolinaCon 13: https://drive.google.com/file/d/0B713haJ0VGmpVDVibmcxQjl5Tkk/view
Honeypots as a Service
That’s right, Honeypots as a Service, on HoneyDB you can now configure and deploy your own HoneyPy honeypot in the cloud. If you’ve ever wanted to run a honeypot, this is a very easy way to do it. You don’t need to worry about finding a server, installing/configuring the OS, and installing HoneyPy. With HoneyDB HaaS, all you need to do is select a region for deployment, configure HoneyPy (honeypy.cfg and services.cfg), and it is up and running. In addition, HoneyDB will allow you to filter the data so you can see just your honeypot data. Finally, it’s important to point out this will be a paid service, read on to find out why.
Why HaaS?
Why did I create this HaaS feature? HoneyDB has been running for several years on a really flakey cloud provider because it is super cheap. HoneyDB is starting to get lots of traffic and honeypot data is growing quickly. As a result, to ensure HoneyDB’s reliability it needs to be on more robust infrastructure. More robust infrastructure is not cheap. So I created HaaS as a way to raise money to support moving HoneyDB to more reliable infrastructure.
In a sense, this is an experiment. An experiment to determine the level of interest in honeypots and HoneyDB. For example, do you want to run a honeypot on the Internet, and would you pay a nominal fee if a service made it very easy to do? Also, if you leverage threat information from HoneyDB as part of your security operations, running your own honeypot is a great way to support the project and even contribute threat information back to HoneyDB.
Ok, what does it cost?
For each honeypot, $10 per month.
Initial Release
This initial release is very much an alpha or even pre-alpha release. The basic functionality is there, but there are UI improvements needed and I’m sure there are few bugs lurking around. However, here is what you can do:
- Request credits for running honeypots (currently not an automatic transaction).
- Create a new honeypot and select the region you want to run it in. Selectable deployment locations are US (NYC/SF), Canada (Toronto), Europe (London/Frankfurt/Amsterdam), India (Bangalore), and South East Asia (Singapore).
- Configure HoneyPy honeypot by editing the honeypy.cfg and services.cfg files.
- Start, stop, restart, or delete honeypots.
Use your HoneyDB API keys to configure your honeypots to contribute data back to HoneyDB. When logged into HoneyDB you can filter the data to see only your honeypot data.
To get started, go to https://riskdiscovery.com/honeydb/#login and login via Github or Twitter. Click the satellite icon to navigate to the HoneyPy Deploy page. Click “Request Credits” to buy honeypot credits. Once you’ve been notified that credits have been applied to your account click “Create new honeypot deployment”. Give your honeypot a name and select a region. Next, click the “Create” button —be patient after clicking Create, it may take a minute or two to complete creating your honeypot. The next step is to configure your honeypot. For a reference on how to configure HoneyPy, see my blog series on getting started with HoneyPy. In Part 1, skip to the section on configuring HoneyPy, and in Part 2 see the section on services. If you get stuck, please feel free to reach out to me. The best way to contact me for assistance is to use the HoneyDB Contact form.
Conclusion
This is just a quick post to kick things off with HoneyDB’s HaaS. There will be more to come, especially documentation and tutorials :-). I hope you are interested in supporting and participating in this project. Please do provide feedback as that will help make this a better project. I’m sure you will have fun running your own honeypot!
