SAHER HoneyNet: A Tunisian Honeynet Project
A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honeypots, which are computer systems on the Internet expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. Although the primary purpose of a honeynet is to gather information about attackers' methods and motives, the decoy network can benefit its operator in other ways, for example by diverting attackers from a real network and its resources.
The Tunisian honeynet project “Saher-HoneyNet” is an initiative launched by the Tunisian CERT to mitigate threats related to malicious traffic and to improve national cyberspace security by ensuring preventive and response measures to deal with malware infections.
The Honeynet Project, a non-profit research organization dedicated to computer security and information sharing, actively promotes the deployment of honeynets.
The first research activities started in 2004 with the deployment of a few honeyd sensors and the testing of new detection and prevention techniques. As more resources were invested in the project, this work led to a very powerful detection platform by 2008. The Tunisian honeynet project is now part of the Tunisian cyber early warning system “SAHER”, created to deal with all cyber threats and to coordinate with the international community.
This project involves all the cyberspace stakeholders, including the government, ISPs, telcos, and critical information infrastructure, providing them with coordination, tools for detection, procedures to share information, and technologies to clean up the cyberspace and track malicious sources.