Honeypots are intentionally designed to be attacked. They serve as valuable tools for gaining insights into attacker TTPs (tactics, techniques, and procedures) while also acting as decoys to divert attention from actual assets.
However, like any other software, honeypots themselves can have vulnerabilities. If an attacker successfully compromises a honeypot system, the potential damage could be significant. This risk is particularly concerning in environments such as in-vehicle automotive honeypots, where the honeypot is deployed on the same hardware as critical assets.
To address this risk, CROWSI follows a unique approach by shifting the actual honeypot to a dedicated backend infrastructure while keeping only a standard reverse proxy within the edge-device asset. This design significantly reduces the attack surface and enhances overall security.
However, even with this architecture, a potential risk remains if an attacker manages to identify and exploit a vulnerability in the reverse proxy. To help mitigate this risk, we have added a README to our CROWSI platform GitHub repository, outlining security best practices for reverse proxy integration.
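As an added illustration of the architecture described above (this is example configuration written for this post, not the contents of the CROWSI README or the project's own files), the following nginx fragment shows the only component that would live on the edge device: a reverse proxy that forwards honeypot traffic to a dedicated backend and serves nothing locally. The backend hostname, listening port and certificate paths are placeholders, and the use of nginx itself is an assumption; the hardening lines are generic settings that shrink what an attacker can do through the proxy if they find a weakness in it.

```nginx
# Added example (not CROWSI's own configuration): minimal edge-side reverse proxy.
# Assumptions: nginx on the edge device; the real honeypot runs on a separate
# backend reachable at honeypot-backend.example.internal:8443 (placeholder);
# client certificate and CA file paths below are placeholders.

worker_processes 1;
user nobody;                      # workers run unprivileged, not as root

events { worker_connections 256; }

http {
    server_tokens off;            # weak default is "on": it advertises the nginx version
    client_max_body_size 64k;     # weak default is 1m: bound what can be pushed through the edge
    client_body_timeout   10s;    # defaults are 60s; shorter timeouts limit slow-request resource use
    client_header_timeout 10s;
    keepalive_timeout     15s;
    proxy_connect_timeout 5s;
    proxy_read_timeout    30s;
    proxy_buffering off;          # do not spool attacker payloads to the edge device's disk

    # The only destination this proxy knows; nothing is served from the edge device itself.
    upstream honeypot_backend {
        server honeypot-backend.example.internal:8443;
    }

    server {
        listen 8080;              # the decoy service port exposed to the in-vehicle network

        location / {
            proxy_pass https://honeypot_backend;
            proxy_http_version 1.1;

            # Mutual TLS between edge and backend, so a spoofed backend cannot
            # receive traffic and a stolen edge proxy config alone cannot reach it.
            proxy_ssl_certificate         /etc/nginx/edge-client.crt;   # placeholder
            proxy_ssl_certificate_key     /etc/nginx/edge-client.key;   # placeholder
            proxy_ssl_trusted_certificate /etc/nginx/backend-ca.crt;    # placeholder
            proxy_ssl_verify on;
            proxy_ssl_server_name on;

            # Preserve the original source address so the backend honeypot can
            # attribute observed TTPs to the actual client, not to the proxy.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

The point of the layout is that the edge device holds no honeypot logic and no state worth stealing: if the proxy is compromised, the attacker gains a forwarding rule, a client certificate scoped to the honeypot backend, and nothing that touches the critical assets sharing the hardware. Pair this with the usual host-level controls (a dedicated unprivileged service account, an outbound firewall rule allowing the proxy to reach only the backend, and log shipping from the backend rather than the edge) so the reverse proxy stays the thin, replaceable piece the architecture intends it to be.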
We encourage you to check it out and apply these best practices to enhance the security of your deployment. If you have any questions or need further support, feel free to reach out to us—we are here to help on your honeypot journey!
Let’s work together to create a world where attackers can never be certain whether they are interacting with a real system.
P.S. Contributions to this guide via pull requests are very welcome!