Title: Utilisation of a virtual honeynet to proactively secure the South African National Research and Education Network against cyberattacks

Authors: Meyer, Heloise; Barbour, Graham D; McDonald, Andre M; Badenhorst, Danielle P; Gertenbach, Wian P

Date: 2024-07
Record dates: 2024-07-22; 2024-07-22
Type: Article
Language: en
Journal: Communications in Computer and Information Science, 2159
ISSN: 1865-0929; 1865-0937
DOI: https://doi.org/10.1007/978-3-031-64881-6_24
Handle: http://hdl.handle.net/10204/13732
Repository: ResearchSpace (CSIR), https://researchspace.csir.co.za
Keywords: Cyberattacks; Cybersecurity; Honeynet; Network security

Citation: Meyer, H., Barbour, G.D., McDonald, A.M., Badenhorst, D.P. & Gertenbach, W.P. 2024. Utilisation of a virtual honeynet to proactively secure the South African National Research and Education Network against cyberattacks. Communications in Computer and Information Science, 2159. http://hdl.handle.net/10204/13732

Abstract

South Africa is witnessing a significant increase in cyberattacks. Although such an increase in cyberattacks can be attributed to various factors, poor investment in cybersecurity technology and lack of awareness are causing South Africa to be a target of interest. While cyberattacks are targeting various sectors, it is the cyberattacks impacting critical infrastructure that are a growing concern. The South African National Research and Education Network (SA NREN) is a high-speed network dedicated to science, research, education and innovation traffic. With the growth of the SA NREN and the continuous increase in cyberattacks affecting South African institutions, proactive steps are required to secure and protect the SA NREN. This responsibility lies with the SA NREN Cybersecurity Incident Response Team (CSIRT), which was established in 2016 to offer protection against cyberattacks. While various proactive measures are currently in place to monitor the SA NREN, the CSIRT continues to explore alternative cost-effective solutions to secure the NREN. This paper investigates the benefits of utilising a novel low-interaction secure shell (SSH) honeynet, referred to as the Virtual Honeynet, to monitor and proactively secure the SA NREN. The Virtual Honeynet uses virtual containers to reduce resource requirements and improve performance. The investigation involved the experimental deployment of the Virtual Honeynet on the SA NREN over a twelve-day period and the evaluation of the captured data. The evaluation conducted focused on extracting behavioural and geographical intelligence from the raw data to guide the deployment of cyber measures to secure the SA NREN. The results presented in this paper confirm the value the Virtual Honeynet offers to the SA NREN as a technology to proactively secure the network.