Deploying Hoxey to secure your network is easy!
If you have the Managed Plan, completing the First Access and Device Placement sections is enough, as we will handle everything else. We promised, we deliver!
Initial consultancy for proper device placement and template selection is also included in the Self-Service Plan.
First Access
You'll be granted credentials via an encrypted share or in person to access the Dashboard.
Once inside, open the Settings page and change your password. You should also enable MFA.
Now, activate your subscription on the Billing page. Refer to this guide for further details.
INFO: You can delay this action and explore the service as your account is already fully functional. This grace period/trial depends on the agreement during the consultation.
Template Selection
This section explains how to select the proper template (aka VM image). Refer to the Honeypots and Devices page for technical details.
INFO: We do not disclose available honeypot templates because it would hinder their detection and deception capabilities. This guide uses generic names that may or may not be present.
The template is what the local device appears to be from the perspective of an attacker or any other host in the subnet.
For effective detection and deception, templates should be coherent with the environment and stand out as interesting targets.
In case of an attack, our honeypots should quickly pick up reconnaissance activities aimed at the whole network and trigger an alarm. To maximize effectiveness, they should become the primary target for attackers.
Let's take the network of a private clinic as an example and consider three possible templates: Database, Printer, and CNC Machine.
- The Database fits the environment and is a valuable target. However, there might already be another database, and a duplicate could raise suspicion.
- The Printer is a perfect fit as it's a valuable target and it's normal to see multiple printers in the same network! Printers are low-security, rarely monitored, and patient medical records go through them.
- The CNC Machine has no place in a clinic.
We are committed to adding new templates and improving existing ones over time. Thanks to our cloud-based approach, these become available to all customers, regardless of their plan!
Device Placement
To deploy a device, simply connect the power and Ethernet cable. It's that easy!
Devices must reside in the network segment they are supposed to protect.
The primary candidates for honeypot placement are the segments exposed to initial breach risks, such as those with heavy human activity or other internet-facing assets. In high-security contexts, it's also wise to place honeypots alongside high-value assets.
Guest networks can also be strong candidates for hotels, fairs, clinics, etc.
The number of devices/honeypots per network segment depends on the relative quantity of workstations and servers.
The goal of a honeypot is to attract attackers. If there are multiple other high-value assets in a segment, we recommend adding multiple unique decoys.
In a segment with predominantly workstations, a single decoy can easily cover 20 endpoints.
The golden rule is attractiveness and coherence with the environment above raw numbers. This is against our interest - take it seriously!
WARNING: Given the networking code, we strongly recommend not trying to cover multiple segments with a single device, as its functionality is not guaranteed and it might break with future releases. We do not explicitly forbid this: your network, your choice.
Further Customization
If the network uses internal DNS, we recommend assigning a name to the device that matches its template.
We also recommend spoofing the device's MAC address with something coherent.
Hoxey offers multiple other features and utilities to every customer. Explore the dashboard and refer to the relevant documentation, especially if you're on the Self-Service Plan.