Coming up with an idea and turning it into a finished product is always a long journey. So we just have to start somewhere! First of all, let me think about what the ideal product would look like.
In my mind, it's a plug-and-play device that mimics real devices on the network.
What do we need to make that happen?
Coffee. We need lots of coffee to work through our product development phase. We will first look at the software since that’s the core of any device. Let’s break it down into two areas:
1. Software running on the device
Choosing the Operating System
The device needs an operating system! There are many choices when it comes to selecting one. After reviewing the current options, Ubuntu Server is still the most common choice for an appliance like this. It's robust, its LTS releases get five years of security updates, it runs on almost any hardware, and it is designed to stay up for months without a reboot.
For the software running on the device, the code will be split into two applications.
1. Device Manager - Babysitting the device
The first application will be the device manager. It does what the name says: it manages the device. Software updates, configuration changes, and reboots are all handled by this part of the software.
2. Honeypot Service - The REAL TRAP
Any attacker that comes along will have to deal with the constantly changing honeypot service. The SentryBox will mimic devices as completely as possible to lure attackers into the trap. This includes various services like SSH, FTP, HTTP, etc., as well as detecting Nmap scans. This part of the software will also be responsible for sending alerts. One practical consequence: because the trap offers a fake SSH on port 22, the device manager's own SSH access must live on a different port or on a separate management interface, otherwise the management daemon is what the attacker ends up talking to.
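To make the honeypot service concrete, here is a minimal version of the two pieces described above: fake service banners on listening ports, and a scan detector that flags a source which touches several distinct ports within a short window (the pattern a default Nmap port scan produces). This is an added illustration written for this post, not SentryBox code; the banner strings, port numbers, threshold and window are assumptions chosen for the example, and alerts are emitted as JSON lines rather than sent anywhere.

```python
import json
import socket
import threading
import time
from collections import defaultdict, deque

# Assumed service banners for the emulated services. Real fingerprinting tools
# look at much more than the first line, so these are only a starting point.
BANNERS = {
    "ftp": b"220 (vsFTPd 3.0.5)\r\n",
    "ssh": b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4\r\n",
    "http": b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 0\r\n\r\n",
}

# Assumed port layout for an unprivileged demo. In production the trap would
# bind the real ports (21/22/80), which needs CAP_NET_BIND_SERVICE and the
# device's own sshd moved off port 22.
SERVICES = {2121: "ftp", 2222: "ssh", 8080: "http"}


class ScanDetector:
    """Flags a source IP that hits >= `threshold` distinct ports within `window` seconds.

    Repeated connections to the same port do not count: a legitimate client
    retrying one service looks very different from a scanner walking ports.
    """

    def __init__(self, threshold=5, window=10.0):
        self.threshold = threshold
        self.window = window
        self.events = defaultdict(deque)  # ip -> deque of (timestamp, port)

    def record(self, ip, port, ts=None):
        """Record one connection; return True if this source now looks like a scan."""
        ts = time.time() if ts is None else ts
        q = self.events[ip]
        q.append((ts, port))
        # Drop events that fell out of the sliding window.
        while q and ts - q[0][0] > self.window:
            q.popleft()
        distinct_ports = {p for _, p in q}
        return len(distinct_ports) >= self.threshold


def build_alert(ip, port, scan, ts=None):
    """One JSON line per event, so the alert stream can be shipped as-is."""
    ts = time.time() if ts is None else ts
    return json.dumps({
        "ts": ts,
        "src": ip,
        "dst_port": port,
        "service": SERVICES.get(port, "unknown"),
        "event": "scan" if scan else "connect",
    })


def handle_client(conn, addr, port, detector, alerts):
    """Send the fake banner, swallow the client's first bytes, then alert."""
    try:
        conn.sendall(BANNERS.get(SERVICES.get(port, ""), b""))
        conn.settimeout(2.0)
        try:
            conn.recv(1024)  # whatever the client sends first (login attempt, HTTP request)
        except socket.timeout:
            pass
    finally:
        conn.close()
    scan = detector.record(addr[0], port)
    line = build_alert(addr[0], port, scan)
    alerts.append(line)
    print(line)


def serve(port, detector, alerts, host="127.0.0.1"):
    """Accept connections on one emulated service port forever."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(16)
    while True:
        conn, addr = srv.accept()
        threading.Thread(target=handle_client, args=(conn, addr, port, detector, alerts),
                         daemon=True).start()


if __name__ == "__main__":
    # Shared detector across all ports so a scan is seen as one event stream.
    detector = ScanDetector(threshold=3, window=10.0)
    alerts = []
    for p in SERVICES:
        threading.Thread(target=serve, args=(p, detector, alerts), daemon=True).start()
    print("listening on", sorted(SERVICES))
    while True:
        time.sleep(60)
```

Running the script and then `nmap -p 2121,2222,8080 127.0.0.1` against it produces three `connect` lines followed by a `scan` line once the third distinct port is touched inside the window; a single `ssh 127.0.0.1 -p 2222` produces only one `connect` line. The detector is deliberately shared across ports, since per-port instances would never see the cross-port pattern that distinguishes a scan from normal traffic.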
2. The backend/server application for management
In past projects, we were fortunate to use AWS and gained valuable experience with that infrastructure. I know it's expensive, but reliability and security are the top priorities for the SentryBox. We already know how to set up the security-relevant pieces like API Gateway, security groups, and IAM policies. Additionally, we have scaled on AWS far beyond the traffic we expect for the SentryBox.
We are strong believers in self-service
The admin panel ensures that users can reconfigure the SentryBox at any time, change configurations on the go, and stay aware of its current state. Self-service is instant and does not rely on any third party. Whether they want to swap the emulated device at 2 a.m. on a Sunday that happens to be New Year's Eve: no problem, it's done!
Besides configuration, the panel needs to display alerts and uptime. If a SentryBox goes down several times a month, there may be a problem with the customer's network connectivity as a whole, or someone may already be inside the network undetected and interfering with it.
Enough thoughts for today. We now have an overview of what the product should be able to do.