Raspberry Pi (R-Pi) computers are cheap and versatile enough to be used for creating an army of honeypots that could help businesses detect attacks or assess different methods cybercriminals could leverage to penetrate their systems.
Nathan Yee, a software engineering intern at ThreatStream, a company that gathers threat intelligence, has built a honeypot network out of Raspberry Pi systems with Dionaea, Kippo, Snort, and Conpot honeypot solutions deployed; everything was managed through the open source Modern Honey Network (MHN), which also allows automation of different tasks on the sensors.
The reason for choosing Raspebrry Pi for the project is quite simple and resumes to the investment a company has to make in order to deploy honeypots. “Raspberry Pi devices are cost effective, so it is realistic to add 30 network sensors, which would cost around $1,000 [€744],” Yee writes in a blog post.
He also made an easy-to-follow tutorial for loading Dionaea on an R-Pi device and adding it to an MHN system.
Internal honeypots come in handy because they act as bait for a potential intruder. These are systems with information specifically designed to lure in cybercriminals. As such, if a threat actor manages to penetrate the company’s systems, it is very likely that they would reach this part of the network in search of useful information.
“Organizations typically focus on monitoring inbound and outbound network traffic via firewalls, yet ignore internal network traffic due to the complexity involved. In the scenario above, a firewall will not protect or alert us,” Yee says.