In a previous post I suggested you to build a proxy and content filtering solution based on a VMWare virtual machine, in this post I’ll redo the same thing: propose another VMWare appliance that you can mount on your VMWare server, configure and have a ready-to-go tool for your IT environment.
The tool we are going to describe today is a low interaction HoneyPot that will be a central point for your network and avoid spreading of malware and provide you useful information about attacks. This virtual machine, once configured, will act as a computer without patches, antivirus software and that holds sensitive information; this way of acting will attract attackers and malware, it will download a the binary files and study their behavior and provide useful information about the type of the attack, the entry point and so on.
First start downloading the appliance from this site and then read some interesting documentation on the Security Focus website; in this post I won’t provide all needed information about how to configure the virtual machine because this depends on how you want to configure the HoneyPot, in this blog post you can read how to mount the appliance you just downloaded and have it running in minutes.
Whe you have finished the mount of the virtual machine you can access it by using the following credentials:
Username = root Password = pass2cng