Build a honeypot with real-world alerts
Seeing Is Believing
If you manage systems or get excited about security, like I do, you probably have an Intrusion Detection System (IDS), an ELK (Elasticsearch, Logstash, and Kibana) syslog server front end, performance monitoring, and a plethora of other dashboards. The first week your IDS or SIM is running, everyone watches it, trying to catch an invader in their enterprise. Then, when the sheer amount of data coming in overwhelms you, the systems are left to run in the dark recesses of your data center. During the 2013 hack of Target, numerous warnings from the IDS were ignored, which led to a judge ruling in 2014 that banks could sue Target for losses [1].
In the medical field, this is called alert fatigue, and it is blamed for ignored warnings about dangerous drug incompatibilities and even for ignored real health-monitoring emergencies. You can help fight this by taking the alert off the screen and into the real world with the following items:
- Raspberry Pi with SD card
- Rasp Pi Relay HAT [2] (Figure 1)
- Alarm: Anything with lights! I even used a light-up tin robot toy for a while
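As an added example (not code from the article), a Python sketch of the glue the parts list implies: read the IDS alert log, keep only high-severity hits so the physical alarm does not suffer its own alert fatigue, and pulse one relay channel on the HAT. It assumes Snort-style fast alert lines as the IDS output and an assumed BCM pin number for the relay channel; adjust both for your IDS and HAT.

```python
import re
import time
try:
    import RPi.GPIO as GPIO  # only importable on a Raspberry Pi
except ImportError:
    GPIO = None  # off the Pi: dry run, pulses are no-ops but the filtering still runs

RELAY_PIN = 26    # BCM pin driving relay channel 1; ASSUMED, check your HAT's pinout
MIN_PRIORITY = 2  # Snort priority 1 is most severe; only 1 and 2 reach the alarm

# Snort "fast" alert line format, assumed here as the IDS output being tailed.
ALERT_RE = re.compile(
    r"\[\*\*\]\s*\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s*(?P<msg>.*?)\s*\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]")

def parse_alert(line):
    """Return {'sid', 'msg', 'priority'} for a Snort fast-alert line, else None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return {"sid": int(m["sid"]), "msg": m["msg"], "priority": int(m["prio"])}

def setup_relay(pin=RELAY_PIN):
    if GPIO:
        GPIO.setmode(GPIO.BCM)
        GPIO.setup(pin, GPIO.OUT, initial=GPIO.LOW)

def pulse_relay(pin=RELAY_PIN, seconds=5):
    """Close the relay (lights on), hold, release. No-op off the Pi."""
    if GPIO:
        GPIO.output(pin, GPIO.HIGH)
        time.sleep(seconds)
        GPIO.output(pin, GPIO.LOW)

def process_lines(lines, min_priority=MIN_PRIORITY, pulse=pulse_relay):
    """Run log lines (e.g. from `tail -F /var/log/snort/alert`) through the severity filter."""
    fired = []
    for line in lines:
        alert = parse_alert(line)
        if alert and alert["priority"] <= min_priority:
            pulse()
            fired.append(alert)
    return fired  # the alerts that actually reached the alarm

# Constructed sample: a priority-2 alert, a priority-3 alert, and a non-alert log line.
SAMPLE_LOG = [
    "03/14-10:22:31.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Priority: 2] {TCP} 10.0.0.5:80 -> 10.0.0.9:51234",
    "03/14-10:23:02.000001  [**] [1:1000001:1] LOCAL honeypot SSH login attempt [**] [Priority: 3] {TCP} 10.0.0.7:44001 -> 10.0.0.9:22",
    "Mar 14 10:23:05 pi snort[812]: Reloading rules",
]
```

On the Pi, call `setup_relay()` once and feed `process_lines` from the live alert file; the priority threshold is the knob that keeps the blinking alarm meaningful.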