MHN Security

Sean Maloney edited this page Oct 1, 2019 · 3 revisions

MHN Security documentation

MHN contains two major components: the MHN Server itself, used for management and deployment of honeypots, and the honeypot installations themselves, which run on separate systems or VMs.

For the MHN Server to function, the following ports must be open and allowed by its firewall rules. All other ports can be blocked.

TCP:443 TCP:3000
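One way to express this port list as a default-deny inbound ruleset. This is an added example, not part of MHN or of this wiki page; it assumes the server uses iptables (the page names no firewall), and the function name `mhn_ruleset` is hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the MHN Server that
# accepts new inbound TCP connections only on the listed ports.
# Assumption: the host uses iptables; the page does not name a firewall.

mhn_ruleset() {
    # Validate every argument before emitting anything, so a bad port
    # never produces a half-written ruleset.
    for port in "$@"; do
        case "$port" in
            ''|0*|*[!0-9]*|??????*)
                echo "invalid port: $port" >&2
                return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done
    [ "$#" -gt 0 ] || { echo "no ports given" >&2; return 1; }

    echo "*filter"
    echo ":INPUT DROP [0:0]"        # default-deny inbound
    echo ":FORWARD DROP [0:0]"      # the server does not route traffic
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT" # local services talk over loopback
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Remote administration (for example SSH) is not in the page's port
    # list. If the server is managed over the network, add a
    # source-restricted rule for it here before loading the ruleset.
    echo "COMMIT"
}

# Ports from the page: TCP 443 and TCP 3000.
# Syntax-check without loading:
#   mhn_ruleset 443 3000 | iptables-restore --test
```

These rules cover IPv4 only; the same ruleset has to be loaded with `ip6tables-restore` if the server is reachable over IPv6.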

At install time, MHN Server creates a self-signed SSL certificate for basic HTTPS security. Using a real certificate is recommended in a production environment; it can easily be added to the NGINX config on the MHN Server.

Honeypot Security

The honeypots and install scripts are all open source projects. We think there is very low risk in using the default MHN honeypots on a corporate or enterprise network in a production security environment, and we have seen many companies do so.

What the user needs to consider: OS patching on the honeypot systems themselves is important and should not be ignored. Firewall rules on a honeypot system will reduce the information obtained, so we do not recommend deploying a firewall on the honeypot systems themselves. Some honeypots, such as Dionaea, recognize IPv6 traffic; we recommend leaving IPv6 enabled for maximum detail.