Configuration Honeypots with an Emphasis on Logging of the Attacks and Redundancy

The number of devices connected to a computer network has increased in recent years. This is also evidenced by the increased number of attacks and viruses by which attackers try to control devices in their favor. By using honeypots in the network infrastructure, we can attract such attackers to a fake system and obtain valuable information from them that we can use to improve network security. This diploma thesis deals with the issue of honeypot configuration in order to obtain information about attackers as well as ensuring system redundancy. We performed the redundancy using the Heartbeat system, which offers us cluster infrastructure services. Honeypot Honeyd was used to interact with low-level attackers on which we configured virtual devices. Honeypot Cowrie served us to interact with mid-level attackers. Subsequently, we verified the functionality of our solution using simulations in a computer network. We compared the amount of information obtained and based on it decided to deploy the Cowrie honeypot to a public IP address. The information was expressed by the behavioral manifestation of ELK Stakc in the extension of Kiban into the graphs and diagrams that we analyzed. © 2022 IEEE.