Indian Honeynet Project : Chapter Status Report For 2014

Indian Honeynet Chapter
Annual Update Report 2014
 
The Indian Honeynet Project (IHP) is affiliated with the Honeynet Project and is five years old. We have come a long way and are now focused more on spreading awareness of data security and honeypots, and on promoting research in spam honeypots and early attack / threat detection mechanisms.
 
Organization
IHP has an open membership call, and at last count there are 280 members: a mix of students, academics, professionals and researchers. We add a few interested members every month through submissions via our website, and the chapter is well known in security circles in the country. While this number looks very high in comparison to the numbers reported on the Honeynet Project website, that is because only highly motivated / active volunteers and contributors are counted in the membership reported to the parent body.
Honeypot Deployments
The following honeypots were deployed by the chapter volunteers.
- Kippo, SSH Honeypot - 5 Deployments
  * Location: Pune
- Glastopf, Web Application Honeypot - 5 Deployments
  * Location: Pune, AWS (2)
- Dionaea, Malware Capturing Honeypot - 2 Deployments
- SHIVA, Spam Honeypot - 3 Deployments
  * Location: Pune, Netherlands (cloud) (2)
- Conpot, ICS Honeypot - 1 Deployment
  * Location: Saudi Arabia (Cloud)
 
Community Engagement
Website
The website honeynet.org.in was revamped; along with the new look, it now hosts various resources and information about the chapter.
- Various online social media channels have been established to push Indian Honeynet Project and Honeynet Project updates.
- Continuous support and interaction with researchers around the world who use tools from the Indian chapter.
 
Public Events
a. SHIVA was demonstrated and discussed in detail during the Honeynet Conference in Warsaw in 2014.
b. "Honeypots and Honeynet", a talk on how Kippo, Glastopf and Dionaea work, was delivered at the monthly meet of the Delhi Chapter of the NULL Community.
c. An introductory session was organized for the information security students at Indira Gandhi Delhi Technical University by IHP volunteers.
d. Several IHP Chapter meets were conducted throughout the year; the most notable one, attended by members from different parts of the country, was organized in November 2014 at The Ashok, Delhi.
e. Cyber security presentations were delivered at c0c0n-2014 (Kochi) and the Defcon-OWASP Conference (Lucknow).
f. An awareness session about honeypots and the Indian Honeynet Project was delivered at the OWASP Chandigarh chapter meet.
 
 
Research And Development
- "Pi-Pot", a Raspberry Pi based distribution that bundles pre-installed honeypots, was released.
- "Splunk Based Monitoring": an approach to centralize the monitoring and logging of honeypots via Splunk has been modeled and is being tested.
- SHIVA has been tweaked regularly and has become one of the most popular spam honeypots worldwide; it is also deployed in corporate and research environments outside the Honeynet Project.
- Various attack reports and malware samples were analyzed to gauge the scale of cyber threats originating from within India.
- "Optimizing Glastopf with SEO": an approach to enhance Glastopf by using search engine optimization techniques, so that its emulated vulnerable pages are indexed and draw more attacker traffic.
- "Honeypots to catch CP downloaders": an approach to catch child pornography downloaders using honeypots and drive-bys was proposed by the IHP chapter; it is pending with the cybercrime / CID department of one of the state police departments, awaiting acceptance and approval.
- The use of honeypots as an "Early Warning System for Critical Infrastructure" has been conceptualized, and the IHP team is actively working on developing a deployable architecture from the idea.
- The team is working on the concept of "CenTOC - Centralized Technology Operation Center", which combines the best features of a SOC and a NOC and is being built around honeypot integration.
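The centralized Splunk monitoring item above (and the related 2015 goal of integrating Dionaea analysis with the other honeypot clients) is easiest to see in code. The script below is an added illustration, not the chapter's own Splunk tooling: it normalizes Kippo login-attempt log lines and Dionaea connection rows into one event schema and packages them as a batch for Splunk's HTTP Event Collector (HEC). The two Kippo lines and the Dionaea row are constructed samples in the formats those honeypots produce; the Dionaea field names follow its logsql `connections` table; the sourcetype names, sensor hostname and the HEC endpoint / token are placeholders chosen for the example.

```python
"""Normalize Kippo (SSH) and Dionaea (malware) honeypot events into one JSON
schema for Splunk's HTTP Event Collector (HEC).

Added example, not the chapter's own tooling. Sample inputs are constructed;
sourcetype names, sensor host and the HEC endpoint/token are placeholders."""
import json
import re
from datetime import datetime

# Constructed sample: two lines in the format Kippo writes to kippo.log.
KIPPO_LOG = """\
2014-11-05 10:21:43+0000 [SSHService ssh-userauth on HoneyPotTransport,12,203.0.113.7] login attempt [root/123456] failed
2014-11-05 10:21:45+0000 [SSHService ssh-userauth on HoneyPotTransport,12,203.0.113.7] login attempt [root/toor] succeeded
"""

# Constructed sample: a row as read from Dionaea's logsql.sqlite
# "connections" table (column names follow Dionaea's logsql schema).
DIONAEA_ROWS = [
    {"connection_timestamp": 1415182903.0, "connection_protocol": "smbd",
     "connection_transport": "tcp", "remote_host": "198.51.100.23",
     "remote_port": 49152, "local_host": "10.0.0.5", "local_port": 445},
]

KIPPO_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[+-]\d{4}) "
    r"\[SSHService ssh-userauth on HoneyPotTransport,\d+,(?P<src>[\d.]+)\] "
    r"login attempt \[(?P<user>[^/]*)/(?P<pw>[^\]]*)\] (?P<result>failed|succeeded)$"
)


def parse_kippo(line):
    """Turn one Kippo login-attempt line into a HEC event; None if it is not one."""
    m = KIPPO_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S%z")
    return {
        "time": ts.timestamp(),
        "sourcetype": "honeypot:kippo",          # placeholder sourcetype
        "event": {
            "sensor": "kippo", "action": "login",
            "src_ip": m["src"], "user": m["user"], "password": m["pw"],
            "outcome": "success" if m["result"] == "succeeded" else "failure",
        },
    }


def parse_dionaea(row):
    """Map a Dionaea connections row onto the same event schema."""
    return {
        "time": float(row["connection_timestamp"]),
        "sourcetype": "honeypot:dionaea",        # placeholder sourcetype
        "event": {
            "sensor": "dionaea", "action": "connection",
            "src_ip": row["remote_host"], "src_port": row["remote_port"],
            "dest_ip": row["local_host"], "dest_port": row["local_port"],
            "protocol": row["connection_protocol"],
            "transport": row["connection_transport"],
        },
    }


def build_hec_batch(kippo_text, dionaea_rows, host="sensor-pune-01"):
    """Return (events, body): HEC accepts several JSON objects in one POST body."""
    events = [e for e in (parse_kippo(l) for l in kippo_text.splitlines()) if e]
    events += [parse_dionaea(r) for r in dionaea_rows]
    for e in events:
        e["host"] = host                         # placeholder sensor name
    return events, "\n".join(json.dumps(e) for e in events)


def successful_logins(events):
    """The alert-worthy subset: an attacker got a shell on the SSH honeypot."""
    return [e for e in events if e["sourcetype"] == "honeypot:kippo"
            and e["event"]["outcome"] == "success"]


if __name__ == "__main__":
    events, body = build_hec_batch(KIPPO_LOG, DIONAEA_ROWS)
    # To ship: POST `body` to https://<splunk-host>:8088/services/collector/event
    # with header "Authorization: Splunk <HEC token>" (placeholders; not sent here).
    print(body)
    for e in successful_logins(events):
        print("ALERT: successful SSH login from", e["event"]["src_ip"],
              "as", e["event"]["user"])
```

With a common `src_ip` field across sensors, a single Splunk search can correlate an address that brute-forced Kippo with one that later hit Dionaea, which is the point of centralizing the honeypot logs rather than reading each sensor's log separately.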
 
Goals for 2015
- Work on the concept of an early warning system for critical infrastructure and carry out a test.
- Develop raw-event analysis for Dionaea with Splunk and integrate it with the other honeypot clients.
- Set up an automated malware analysis environment using free and open source tools.
- Release version 2 of the "pi-pot" distro, containing additional analysis tools.
- Active interaction with enthusiasts in the domain via meets, blogs and social networking channels.
- Extend awareness and reporting sessions on honeynets and their use in corporate networks and SOC/NOC/TOC.
- Partner with educational institutions to set up honeypots and participate in research activities.