KFSensor: Sweet Windows honeypot

Longtime best-of-breed intrusion detection solution remains feature-rich, easy to use, and actively maintained

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

I've been a huge fan of KFSensor for many years. It has been at the top of the honeypot class for nearly a decade, and I was eager to see how it stacked up to improving competition, notably HoneyPoint Security Server, as well as free open source Honeyd.

Unlike most honeypot solutions, which eventually become neglected, KFSensor has been maintained and updated by creator Tom Wright since it was launched in 2003. It has long been the easiest honeypot program to install, with the most elegant and fuss-free GUI, and its feature set established the gold standard that other honeypot programs had to match. KFSensor is still the gold standard.

I reviewed the latest version, KFSensor Professional 4.7.0. Installation was as simple as downloading the install file, executing, and choosing Next, Next, Next. The installation routine even prompts you to accept or download WinPcap, which allows KFSensor to capture and display attacks with packet-level detail. KFSensor is a Windows-only program.

There are three main KFSensor versions: Standard, Professional, and Enterprise. You can compare features of the different KFSensor versions at the KeyFocus website. The Enterprise version includes a centralized management console and other features that make managing multiple honeypots across a larger enterprise easier to do. You can download a free trial version of KFSensor Professional. All versions can be installed as a user-mode program or system service.

To continue reading this article register now