Honeywall CDROM

The purpose of this section is to give you an overview of what the Honeywall CDROM is and how it works. Please submit all bugs/corrections for this documentation or the Honeywall CDROM to our Bugzilla Server.

Last Modified: 25 May, 2007

1. General Overview

  1. Purpose
  2. What's New
  3. Background Information


1.1 Purpose
The purpose of the Honeywall CDROM is to make honeynet deployments simple and effective. The CDROM accomplishes this by automating the process of deploying a honeynet gateway, also known as a Honeywall. The CDROM also provides you with tools to easily configure, maintain, and analyze the solution after it has been deployed. The Honeywall is often the most critical and complex element of any successful honeynet deployment. Its purpose is to capture, control, and analyze all inbound and outbound honeynet activity. In the past, building a Honeywall was a difficult and manually intensive process, requiring the combination of various technologies. We have attempted to combine all of these elements into a single, bootable installation CDROM. After installation, minor configuration will be required in order for the system to be fully functional.


1.2 What's New
The latest version, Honeywall CDROM Roo 1.2, is based on the previous 1.1 release. We consider this platform much more stable, with numerous bug fixes. In addition, several major changes were made to enhance functionality. Versions 1.0 and 1.1 are End of Life and no longer supported; we highly encourage you to upgrade to version 1.2.

  • All RPMs are updated from the Honeynet Project website. This was done so we could test RPMs first to ensure they do not break functionality. You have the option of getting updates from other mirrors, or the primary RPM repositories.
  • The CDROM is shipped with the latest version of Snort (2.6 branch) and the latest Sourcefire VRT ruleset.
  • We removed the Snort rules management section from the Walleye interface (it was too complex). Instead, we added automated updating of both Snort and Snort-Inline rulesets using Oinkmaster and Snortconfig.
  • We simplified customization, primarily for shipping .iso images with SSH keys for distributed use.


1.3 Background Information
In addition to this online manual, there are three additional papers we highly recommend you read. These papers will give you a better idea of the concepts and risks involved in deploying a honeynet using the Honeywall CDROM.

  • Know Your Enemy: Honeynets: This paper will familiarize you with the concepts of a honeynet, especially the risks and legal issues involved.
  • Know Your Enemy: Gen2 Honeynets: This paper will familiarize you with the technologies involved in a 2nd Generation honeynet. This is what you are deploying with the Honeywall CDROM.
  • Know Your Enemy: Roo: This paper is an overview of the Roo Honeywall CDROM, its basic concepts, and how it can be used.
