Deploying a University Honeypot: A case study

The cyber threat against all parts of our societies is con- stantly growing, and while some attacks are carried out by cyber crimi- nals for financial gains, others have strong strategic values and are likely to be carried out by nation state actors. One group of institutions that experience the growing cyber threat is universities: Universities are at- tractive targets because they often possess valuable research knowledge, and because universities traditionally have promoted an openness cul- ture. At the same time, they face challenges in maintaining a high level of cyber security, since many people have system and physical access, and because there are many legacy systems in use. In order to build an efficient cyber defense it is crucial to understand the always chang- ing threat picture, so the countermeasures can be adapted accordingly. However, doing so requires updated information about the attacks from a variety of sources. While many of these sources, e.g. threat assessment reports from intelligence agencies, come with regular intervals or in case of significant changes, this paper explores a way of getting real-time in- formation about current attack attempts towards a specific university: Honeypots. The paper contributes by discussing advantages and disad- vantages of different kinds of honeypots in a university setting, and it demonstrates how results can be achieved through actual honeypot im- plementations. Our conclusion is that honeypots are a valuable supple- ment to other sources of intelligence, but it is crucial to choose the right types and architectures.