Honeypot and forEnsic Analysis Tool


HEAT
Developer: Vijay Vikram Shreenivos
Family: Linux
Source model: Open source

Honeypot and forEnsic Analysis Tool (HEAT) is a Live CD based on the KNOPPIX S-T-D distribution and Tiny Honeypot by George Bakos. It is primarily a honeypot for monitoring networks for unauthorized intrusions on information systems, and it doubles as a forensic tool for analysing the captured data. The tool is licensed under the GNU GPL.

The tool is a complete environment for testing networks and using the results to perform forensic analysis of the data. This environment provides a solid platform for development and vulnerability research. The majority of the tool is composed of components written in shell script and Perl.

This project was done by Vijay Vikram Shreenivos as part of his final-term project dissertation at James Cook University Singapore [http://en.wikipedia.org/wiki/James_Cook_University].

System Requirements

The system requirements for deploying HEAT are minimal, as the entire distribution runs off a Live CD. The hardware requirements are as follows:
# Pentium 150 MHz or better
# IDE or SCSI hard disk (minimum size 512 MB)
# Minimum 64 MB RAM
# 1 CD-ROM drive
# 1 NIC

Anything more is a bonus for running the tool.

Installation

Installation of HEAT is available in three formats:

# Live CD
# VMware image
# Tarball

The Live CD boots the machine to a desktop, from which the user runs the "install.sh" script that HEAT places in "/usr/bin". This creates the directories needed for capturing information. The user then adds the service details to "/etc/inetd.conf" and "/etc/services" so that the honeypot program is started to emulate those services. A configuration file is also generated, in which the user can choose which interface listens for traffic, whether packet data is logged, and which services are available for emulation.

Services Emulated

Some of the service versions emulated by the honeypot are:

FTP server

# Version wu-2.6.0(1)
# BSDI Version 7.00LS
# PFTP 0.13
# FTPd Server
# Microsoft FTP Service (Version 4.0/5.0)

HTTP Service

# IIS 5.0 (Microsoft Internet Information Services v5.0)
# Apache

SMTP Service

# Sendmail 8.9.3/8.9.3/Debian
# Microsoft Exchange Mail Service

Shell access

SSH versions 1 and 2
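As an added example (not HEAT's own code) tying the installation note above to the FTP banners listed here: a service registered in "/etc/inetd.conf" receives the client connection on stdin/stdout, so an emulator can be a plain filter program that presents the wu-2.6.0(1) banner, refuses every login, and writes one JSON record per session for later forensic analysis. The banner date text, the log path and the function names are assumptions.

```python
import json
import sys
import time

# Banner mimicking the wu-2.6.0(1) version string listed above; the date text is constructed.
BANNER = "220 ftp FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 2000) ready."
LOG_PATH = "/var/log/heat/ftp-sessions.jsonl"  # hypothetical capture file

def new_record():
    """Per-session capture record, kept for later forensic review."""
    return {"started": time.time(), "user": None, "passwords": [], "commands": []}

def handle_command(record, raw):
    """Record one client line and return the reply; logins are always refused."""
    line = raw.rstrip("\r\n")
    record["commands"].append(line)
    verb, _, arg = line.partition(" ")
    verb = verb.upper()
    if verb == "USER":
        record["user"] = arg
        return f"331 Password required for {arg}."
    if verb == "PASS":
        record["passwords"].append(arg)  # credential the client tried
        return "530 Login incorrect."
    if verb == "SYST":
        return "215 UNIX Type: L8"
    if verb == "QUIT":
        return "221 Goodbye."
    return "530 Please login with USER and PASS."

def run_session(lines, emit):
    """Send the banner, answer each client line via emit(), stop after QUIT; return the record."""
    record = new_record()
    emit(BANNER)
    for raw in lines:
        reply = handle_command(record, raw)
        emit(reply)
        if reply.startswith("221"):
            break
    return record

def main():
    # inetd hands us the accepted client socket as stdin/stdout, per the inetd.conf entry.
    record = run_session(sys.stdin, lambda reply: print(reply, end="\r\n", flush=True))
    with open(LOG_PATH, "a") as log:  # one JSON line per session for later analysis
        log.write(json.dumps(record) + "\n")

if __name__ == "__main__":
    main()
```

The record keeps every command the client sent, so the capture directory can later be read back for analysis without the emulator ever exposing a real FTP service.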

References

1. KNOPPIX S-T-D distribution [http://s-t-d.org]
2. Tiny Honeypot [http://www.alpinista.org/thp/]
3. James Cook University [http://www.jcu.edu.sg]


Wikimedia Foundation. 2010.
