Honeywall
The purpose of the Honeywall CDROM is to make it easier to deploy, manage, and derive value from honeynet technologies. There are two versions of the Honeywall CDROM, "Roo" and "Eeyore". Released in May 2003, Eeyore was the first version, a prototype that is considered End Of Life and is no longer supported. The new version, Roo, was released in May 2005. Roo is considered a production release and is based on our new GenIII (third generation) technologies. The enhancements in Roo include a Fedora Core 3 OS base for easier administration and automated updating, a GUI-based interface for system configuration, administration, and data analysis, and support for the new 3.x branch of Sebek.
Rapid Incident Response — CDROM
- Bootable CDROM distribution
- Minimal hardware requirements
- Real-time monitoring
- Instantly decrypted SSH and SSL sessions
- Complete file content recovery
- Keystroke logging
In-line Intrusion Detection System — SNORT
Data Fusion — HFLOW
- ARGUS traffic accounting
- P0F OS fingerprinting
- SNORT/SEBEK data synthesis
- Real-time
- Multi-sensor capable
- Cross-source event tracking
For more information on the Advanced Network Management Lab, part of the Pervasive Technology Labs at Indiana University, or the Honeywall technology, see http://anml.iu.edu/ or http://www.honeynet.org/tools/cdrom/
