1. General Overview
- Purpose
- What's New
- Background Information
1.1 Purpose
The purpose of the Honeywall CDROM is to make honeynet deployments simple and
effective, especially for large, distributed environments. The CDROM accomplishes
this by automating the process of deploying a honeynet gateway, also known as a
Honeywall. The CDROM also provides you with tools to easily configure, maintain, and analyze the
solution after it has been deployed. The Honeywall is often the most critical and
complex element of any successful honeynet deployment. Its purpose is to capture,
control, and analyze all inbound and outbound honeynet activity. In the past,
building a Honeywall was a difficult and manually intensive process, requiring
the combination of various technologies. We have attempted to combine all of these
elements into a single, bootable installation CDROM. After installation, minor
configuration will be required in order for the system to be fully functional.
1.2 What's New
For those of you who are familiar with the older Honeywall Eeyore,
there have been a variety of radical changes. You are strongly encouraged to read this
documentation before installation, even if you are familiar with Eeyore. The biggest
new feature with Roo is that the CDROM installs the entire operating system (based on
Fedora Core 3) to the hard drive. This makes
it much easier to modify and maintain the OS base. In addition, the new version has
the following updates.
- Walleye: A new web interface for system administration and data analysis.
- Support for the new version of Sebek, 3.x
(Roo is not compatible with earlier versions of Sebek)
- Automated updates of OS and Honeywall functionality with yum.
- System minimized and hardened.
- Simplified customization.
- Released under the GPL License.
1.3 Background Information
In addition to this online manual, there are three additional papers we highly
recommend you read. These papers will give you a better idea of the concepts
and risks involved in the Honeywall CDROM.
- Know Your Enemy: Honeynets: This paper will familiarize
you with the concepts of a honeynet, especially all the risks and legal issues involved.
- Know Your Enemy: Gen2 Honeynets: This paper will familiarize
you with the technologies involved in a 2nd Generation honeynet. This is what you are deploying
with the Honeywall CDROM.
- Know Your Enemy: Roo: This paper is an overview of the
Roo Honeywall CDROM, its basic concepts, and how it can be used (NOTE: This paper is still
under development).