HoneyPoint: A honeypot for Windows, Linux, or Mac OS X

HoneyPoint Security Server combines multiplatform support, unique features, and limitations


Administrators and users can be assigned in the console. Administrators have full control over the console, while users can only manage alerts assigned to them and generate reports. HoneyPoint is extensible through plug-ins, but the options are limited. MicroSolved cites Whois and Nmap as examples.

Most alert and configuration information is saved to a local, single-file database, although you have to remember to include any AlertX.txt files in your backups. Storing configuration information and alert data in the same database can present challenges if the administrator wants only to clear out the latter. MicroSolved suggests that administrators make a copy of the database immediately after configuration, before storing any alerts, so a configuration-only database can be restored in the future as a nearly blank template when old alerts are no longer needed.

HoneyPoint 3.00 comes with 10 built-in, HTML-formatted reports. These reports are very basic, and no other formats are available, but they're still better than most of the competition. Custom reporting can only be done using third-party SQL-based reporting tools.


HoneyPoint Security Server is an interesting product with some good features, but I don't see any scenarios in which I would choose it over KFSensor or free Honeyd. Unless the host absolutely must be Linux or Mac OS X, KFSensor is a better choice in any environment.


This story, "HoneyPoint: A honeypot for Windows, Linux, or Mac OS X," was originally published at InfoWorld.com. Follow the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com.

Copyright © 2010 IDG Communications, Inc.
