2023–24 Projects:
Long long ago, when computers were mostly a mystery to me, and Angelina Jolie was younger than most Carleton Seniors, I saw the movie Hackers, and was awed and amazed by the battle that took place in the virtual world between the good hackers and the evil system administrator. It was almost 10 years later when I took a grad computer security class that I finally understood a bit of what was (supposedly) actually going on in that movie.
Of course in the real world hackers aren't always quite so honorable (nor do their attacks generate such cool visual effects), and the system administrator is more often than not the "good guy", protecting her network of computers (and their users) from malicious attacks designed to steal private data, send spam from trusted sources, crash servers, or otherwise generally wreak havoc and ruin someone's day.
The field of computer security is locked in a constant arms race with malicious hackers. The hackers continually invent new attacks and discover new vulnerabilities they can use to compromise systems, and the protectors of those systems generally find themselves on the defensive, creating fixes and patching holes only after an attack has caused potentially serious damage. The goal of a honeynet is to go on the offensive and use hackers' own techniques to discover and prevent attacks before they happen.
A honeynet is in essence a trap to lure hackers and collect data on everything they do to learn about their methods and potentially new attacks. The organization of a honeynet varies, but the basic idea is to set up one or more machines on a network as bait, by purposefully introducing security flaws that leave them open to attack. These machines will run tracking software that monitors and records every port scan, remote access event, and action that occurs on that computer. The bait machines are designed to look appealing to potential hackers, but are in reality separated from the actual network by a severely (or even completely) restricting firewall, to prevent an attacker from using one of them to access anything beyond. The data collected by these machines can be analyzed to learn about the methods used by an attacker, especially any previously unknown vulnerabilities that an attacker exploits. This information can then be used to create security solutions before the real network is attacked, and thus save the day!
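As an illustration of the analysis step described above (an added example, not code from this project page), the sketch below processes connection records from a bait machine to flag port scans, repeated access attempts, and any traffic from the honeynet toward the real network, which would mean the firewall separation failed. The log format, the address ranges, the threshold, and the sample records are all assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not real traffic): time, source, destination, port.
# Assumed layout: bait machines in 10.99.0.0/24, real network in 10.1.0.0/16.
SAMPLE_LOG = """\
2024-01-10T03:14:01 203.0.113.7 10.99.0.5 21
2024-01-10T03:14:01 203.0.113.7 10.99.0.5 22
2024-01-10T03:14:02 203.0.113.7 10.99.0.5 23
2024-01-10T03:14:02 203.0.113.7 10.99.0.5 80
2024-01-10T03:14:03 203.0.113.7 10.99.0.5 443
2024-01-10T03:20:45 198.51.100.23 10.99.0.5 22
2024-01-10T03:21:10 198.51.100.23 10.99.0.5 22
2024-01-10T03:25:30 10.99.0.5 10.1.4.20 445
garbled line
"""
HONEYNET = ipaddress.ip_network("10.99.0.0/24")
PRODUCTION = ipaddress.ip_network("10.1.0.0/16")
SCAN_PORT_THRESHOLD = 5  # distinct ports from one source to one bait host


def parse(log_text):
    """Yield (timestamp, src, dst, port), skipping malformed lines."""
    for line in log_text.splitlines():
        try:
            ts, src, dst, port = line.split()
            yield ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue


def analyze(log_text):
    """Return (scanners, repeat_attempts, containment_violations)."""
    ports = defaultdict(set)   # (src, dst) -> distinct ports probed
    hits = defaultdict(int)    # (src, dst, port) -> connection attempts
    violations = []
    for ts, src, dst, port in parse(log_text):
        if src in HONEYNET and dst in PRODUCTION:
            # A bait machine reaching the real network: the firewall failed.
            violations.append((ts, str(src), str(dst), port))
        elif dst in HONEYNET and src not in HONEYNET:
            ports[(src, dst)].add(port)
            hits[(src, dst, port)] += 1
    scanners = sorted({str(s) for (s, _), p in ports.items()
                       if len(p) >= SCAN_PORT_THRESHOLD})
    repeats = sorted((str(s), port) for (s, _, port), n in hits.items() if n > 1)
    return scanners, repeats, violations
```

Calling `analyze(SAMPLE_LOG)` returns the three lists; a non-empty violations list is the signal that the honeynet should be taken offline until the firewall rules are corrected.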
For this project, you will properly set up a honeynet on the Carleton network (to be thoroughly checked and vetted by the IT folks before it actually goes online), learn about some basic attacks to try on your honeynet to test it, and analyze the data the honeynet collects on real outside attacks. You will do all of this without compromising the actual Carleton network in any way. Really. I would like to keep my job =)
Some steps you may wish to follow include:
In the fall, you'll work with a librarian to do a thorough literature search to find out what others have done in this area. In the meantime, here are a few relevant resources.