
Honeypot in a box: A distributed cluster network for honeypot deployment

Alejandro Ayala Gil

Honeypot in a box: A distributed cluster network for honeypot deployment.

Supervisors: Marco Mellia, Idilio Drago. Politecnico di Torino, NOT SPECIFIED, 2024

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

Honeypots are strategic tools crafted to divert potential attackers away from compromising infrastructures while simultaneously capturing their attack techniques. These sophisticated cybersecurity instruments empower experts to discern patterns that could present risks to specific infrastructures. Deploying a honeypot in a particular location may result in the repetitive collection of similar patterns. Establishing an infrastructure that enables the distribution of honeypots across diverse locations could yield distinct patterns. Despite this potential advantage, there is presently a lack of dedicated tools designed for such purposes. In cooperation with various entities, I aspire to establish a distributed network of honeypots for comprehensive research endeavors. This thesis is dedicated to the meticulous implementation of a distributed cluster network, leveraging the robust Kubernetes infrastructure, for the purposeful deployment of honeypots. The work begins with an in-depth examination of the advantages of containers compared to virtual machines, which ultimately necessitates the adoption of a container orchestrator. This exploration involved a detailed comparative analysis, assessing Docker Compose, Swarm, and Kubernetes, with the latter emerging as the preferred solution due to its unparalleled scalability. To enhance the robustness of secure connections between nodes, an exhaustive exploration of VPN technologies, including OpenVPN, IPsec, and WireGuard, was undertaken. The latter was chosen for its outstanding throughput performance, solidifying its selection in the network architecture. In the quest for an optimal Kubernetes distribution, a thorough evaluation covered K8s, Minikube, Rancher, K3s, and K0s. The choice of K3s stemmed from its simplicity and robust support for edge devices, including Raspberry Pis.
Consequently, I delve into the implementation of scripts designed to facilitate the seamless installation of a cluster and the establishment of node connections through a VPN. This installation ensures the creation of a robust system that can withstand disruptions, promptly initiating recovery mechanisms in the event of a cluster node failure. Once the cluster is operational, specific manifests containing the Cowrie honeypot image are applied, allowing me to deploy these honeypots across diverse networks. Leveraging Kubernetes Services, I enable the exposure of these honeypots in various locations, ultimately achieving our objective of distributing honeypots across different environments. Upon establishing the K3s cluster, it becomes imperative to conduct thorough performance assessments. The benchmarks employed to evaluate the cluster encompass a spectrum of critical metrics. These include Network Latency Testing, Pod Deployment Time, Honeypot Simulation, Network Throughput, Node Failure and Recovery, Storage Performance, Pod-to-Pod Communication, and Load Testing. These benchmarks collectively provide comprehensive insights into the efficiency and resilience of the K3s cluster under varied conditions. In the future, the project envisions the incorporation of monitoring tools, an expansion in the number of honeypots, and the development of intelligent mechanisms to enhance honeypot control. This forward-looking strategy aims to enhance the cluster's overall functionality and security. These planned initiatives aim to create a more sophisticated and responsive infrastructure, paving the way for continual improvements in the project's capabilities.
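As an added example that is not part of the thesis or its scripts, a manifest of the kind the abstract describes: a Cowrie Deployment plus a Service that exposes the honeypot on port 22 of the cluster nodes. The image name and its listening port are assumed from the public Cowrie container image, and the LoadBalancer type relies on the ServiceLB that K3s ships with to bind the port on every node.

```yaml
# Added example (not from the thesis): a minimal Cowrie SSH honeypot
# deployed on a K3s cluster and exposed through a Service.
# Assumptions: the public Docker Hub image cowrie/cowrie, which listens on
# 2222 (SSH) inside the container, and the ServiceLB that K3s ships with,
# which binds a LoadBalancer Service's port on the cluster nodes.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cowrie
  labels:
    app: cowrie
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cowrie
  template:
    metadata:
      labels:
        app: cowrie
    spec:
      containers:
        - name: cowrie
          image: cowrie/cowrie:latest
          ports:
            - name: ssh
              containerPort: 2222
          # The honeypot needs no privileges; keep the container locked
          # down so activity inside the emulated shell stays contained.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          resources:
            limits:
              cpu: "500m"
              memory: "256Mi"
---
apiVersion: v1
kind: Service
metadata:
  name: cowrie
spec:
  type: LoadBalancer
  selector:
    app: cowrie
  ports:
    - name: ssh
      port: 22          # port seen on the node's public address
      targetPort: 2222  # port Cowrie listens on inside the pod
```

Apply it with `kubectl apply -f` on the K3s control node; the Service then makes the honeypot reachable at the node's address while the pod itself keeps Cowrie's internal port and restricted security context.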

Supervisors: Marco Mellia, Idilio Drago
Academic year: 2023/24
Publication type: Electronic
Number of pages: 61
Subjects:
Degree programme: NOT SPECIFIED
Degree class: New system > Master's degree > LM-27 - TELECOMMUNICATIONS ENGINEERING
Partner companies: NOT SPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/30843