In the May 19 edition of this newsletter, I discussed the new Honeywall CD-ROM available from the Honeynet Project. The Honeywall CD-ROM is based on a trimmed-down version of Linux and is configurable both before and after boot-up. You can add items you might need or make configuration changes to suit your environment. For example, you could add Secure Shell (SSH) keys, set your IP address preferences, and so on, then burn a CD-ROM so that when you boot to the CD-ROM, your system is configured and ready for use.
You can download a copy of the CD-ROM image (about 50MB in size, at the URL below) from the Honeynet Project Web site. On July 20, the Honeynet Project announced a subscription program that serves as a way for you to support the project and gain some added value at the same time. For an annual contribution of $150 for corporations or $75 for individuals, the project mails, in March and September, a copy of the most recent Honeywall CD-ROM; another CD-ROM containing updated whitepapers, tools, and documentation; and a print newsletter that contains "all the new work that has occurred in the past six months." The subscription sounds like a great way to give something back to the project in exchange for its hard work in providing great tools and information to help you with your security endeavors.
Using a honeypot or network of honeypots can be helpful in learning how and why intruders attempt to penetrate your network. One of this month's SANS Institute Webcasts might address the use of honeypots. On August 11, Johannes Ullrich will present "Internet Storm Center: Threat Update," which "discusses recent threats observed by the Internet Storm Center, and discusses new software vulnerabilities or system exposures that were disclosed over the past month." The Webcast might help you more readily detect various activities trapped by your honeypots or by your other Intrusion Detection Systems (IDSs).
SANS Internet Storm Center helps track new threats, gathers information about those threats, and presents its findings to the public at the related Web site. Readers often contribute information that provides loads of useful details about the latest threats, details that might otherwise be harder to obtain, and sometimes you find links to other sites that have even more detailed information. If you haven't visited the Internet Storm Center Web site, you might consider doing so to better understand the current trends in network attacks.
http://www.incidents.org or http://isc.sans.org