CDN$ 36.53
  • List Price: CDN$ 57.99
  • You Save: CDN$ 21.46 (37%)
Only 1 left in stock (more on the way).
Ships from and sold by Amazon.ca.
Gift-wrap available.
Quantity:1
Add to Cart
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Know Your Enemy: Learning about Security Threats (2nd Edition) Paperback – May 17 2004


Amazon Price New from Used from
Paperback, May 17 2004
"Please retry"
CDN$ 36.53
CDN$ 36.53 CDN$ 28.20

Join Amazon Student in Canada



Customers Who Bought This Item Also Bought

NO_CONTENT_IN_FEATURE

Product Details

  • Paperback: 800 pages
  • Publisher: Addison-Wesley Professional; 2 edition (May 17 2004)
  • Language: English
  • ISBN-10: 0321166469
  • ISBN-13: 978-0321166463
  • Product Dimensions: 23 x 18 x 4 cm
  • Shipping Weight: 1.2 Kg
  • Average Customer Review: 4.7 out of 5 stars  See all reviews (3 customer reviews)
  • Amazon Bestsellers Rank: #509,481 in Books (See Top 100 in Books)
  • See Complete Table of Contents

Customer Reviews

4.7 out of 5 stars
5 star
2
4 star
1
3 star
0
2 star
0
1 star
0
See all 3 customer reviews
Share your thoughts with other customers

Most helpful customer reviews

One of most exciting areas to emerge in information security has been in the area of honeynets. These are networks designed to be compromised and capture all of the tools and activity of attackers
The Honeynet Project is a volunteer organization dedicated to researching and learning cyber-threats, and sharing our lessons learned. The project is made up of 30 security professionals around the world. They learn about cyber-threats by deploying networks around the world to be compromised. Once compromised, they capture all of the attacker's tools and activity, analyze, and learn from that. The value to this research is there is very little theory involved, they are capturing and seeing what is happening in the Internet today.
Very neat!
A honeynet is the primary tool used to capture attacker's activity. It is a type of honeypot, specifically a high-interaction honeypot. As a honeypot, honeynets work on the concept that they should not see any activity, no one has authorization to interact with them. As a result, any inbound or outbound connections to the honeynet is most likely unauthorized activity. This simple concept makes it highly effective in detecting and capturing both known and unknown activity. Honeynets work as a highly controlled network made up of real systems and applications for attackers to probe and compromise.
The book is about honeynets, how to use them, and what you can learn. The book is broken into three parts. The first part is focused on what honeynets are, how they work, the different types, and technical details on how you can deploy them safely. The second part focuses on how to analyze all the different data a honeynet can collect (network and host based forensics, reverse engineering, centralized data correlation, etc).
Read more ›
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again.
This is a fascinating read about how understanding hacking, from gathering the data, to the forensic analysis. The second part, on the forensic analysis is very detailed and well written.
The root idea is very simple, put an attractive target on the Internet, wait until it's hacked (and it will be), and then analyze the attack. The first part of the book covers the construction of these attractive 'honeypots'. The second part covers how to analyze the inevitable attack. The third part, which is the most high level, is about the culture of hacking and hackers.
I would recommend this book to anyone involved in securing systems on the open internet who has a good understanding of the technology behind networking and operating systems.
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again.
[This is a review of the Second Edition, May 2004.]
The Honeynet Project grew out of an informal group of computer experts who decided to take an active role in tracking breakins to computers. Existing countermeasures, like firewalls, and frequent patches of discovered firmware bugs, were fundamentally defensive. And did not actively try to understand the capabilities and intentions of the crackers/intruders/blackhats.
This second edition describes what they term Gen 2 Honeynets. These are more sophisticated than Gen 1 networks of honeypots, where a honeypot is a computer expressly deployed for blackhats to intrude upon. The book delves in some length on how to construct a honeypot and a honeynet. Various configurations are possible. A honeypot could mimic a Microsoft computer or a Solaris or linux machine. There is more emphasis on the actual machine being linux, because of the open source nature, which has led to tools like Snort, Ethereal and Sebeb being available. Indeed, Snort-Inline and Sebek were developed by this project.
Lots of craft keyboard sniffing (Sebek) and network sniffing (Ethereal). Plus, variant arrangements like having one computer pretend to be several honeypots are described. Or another, where a honeynet might be physically distant from the production net, but linked to it via a VPN.
All this is scarcely the last word. The blackhats will certainly devour this book to concoct their next generation techniques. You can safely predict an eventual third edition of this book.
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again.

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 7 reviews
4 of 4 people found the following review helpful
Very good book! July 9 2004
By Amazon Customer - Published on Amazon.com
One of most exciting areas to emerge in information security has been in the area of honeynets. These are networks designed to be compromised and capture all of the tools and activity of attackers
The Honeynet Project is a volunteer organization dedicated to researching and learning cyber-threats, and sharing our lessons learned. The project is made up of 30 security professionals around the world. They learn about cyber-threats by deploying networks around the world to be compromised. Once compromised, they capture all of the attacker's tools and activity, analyze, and learn from that. The value to this research is there is very little theory involved, they are capturing and seeing what is happening in the Internet today.
Very neat!
A honeynet is the primary tool used to capture attacker's activity. It is a type of honeypot, specifically a high-interaction honeypot. As a honeypot, honeynets work on the concept that they should not see any activity, no one has authorization to interact with them. As a result, any inbound or outbound connections to the honeynet is most likely unauthorized activity. This simple concept makes it highly effective in detecting and capturing both known and unknown activity. Honeynets work as a highly controlled network made up of real systems and applications for attackers to probe and compromise.
The book is about honeynets, how to use them, and what you can learn. The book is broken into three parts. The first part is focused on what honeynets are, how they work, the different types, and technical details on how you can deploy them safely. The second part focuses on how to analyze all the different data a honeynet can collect (network and host based forensics, reverse engineering, centralized data correlation, etc). The third part is specific examples of several honeynets being hacked, including Win2000, Linux, and Solaris. What makes the book so interesting is it ties all these different elements together. You can learn more at [...]
The book was not written by a single individual, but by leading experts in their field. They attempted to combine the best experiences and skills from some of the leading individuals. The book was organized by the Honeynet Project, but the contributing authors include members of the Honeynet Research Alliance, individuals from the Department of Justice, and others who have helped us in the past and wanted to contribute. Some examples of authors include Honeynet Project members Brian Carrier who wrote several chapters and Max Kilger who wrote about profiling. Honeynet Research Alliance members include the work of the Greek Honeynet Project writing about hacked Linux systems, and the Mexican Honeynet Project writing about hacked Solaris systems. They also had outside experts help out, including Richard Salgado of the DoJ author about legal issues, and Dion Mendel from Australia write about Reverse Engineering.
-- To defend against your threats, you have to first know who your enemy is -- I recommend this book!
6 of 7 people found the following review helpful
Fills a unique niche... Aug. 1 2004
By Thomas Duff - Published on Amazon.com
Most of the time, your only close-up view of a computer attack is trying to sort out how someone compromised your production system. But there is a way to get hands-on experience with attack analysis, and Know Your Enemy - Learning About Security Threats by The Honeynet Project (Addison-Wesley) shows you how.

The chapter breakout: The Beginning; Honeypots; Honeynets; Gen1 Honeynets; Gen2 Honeynets; Virtual Honeynets; Distributed Honeynets; Legal Issues; The Digital Crime Scene; Network Forensics; Computer Forensics Basics; UNIX Computer Forensics; Windows Computer Forensics; Reverse Engineering; Centralized Data Collection and Analysis; Profiling; Attacks and Exploits: Lessons Learned; Windows 2000 Compromise and Analysis; Linux Compromise; Example of Solaris Compromise; The Future; IPTables Firewall Script; Snort Configuration; Swatch Configuration; Network Configuration Summary; Honeywall Kernel Configuration; Gen2 rc.firewall Configuration; Resources and References; About The Authors; Index

If you're not familiar with the concept, a honeypot is a computer set up to gain the attention of network intruders. The concept is that the intruder will spend time with that box and leave the rest of the network alone. A honeynet is the same thing but only at a network level. The authors of this book are experts at setting up these kind of systems in order to see how attackers work and discover new exploits before they are used against actual production systems. They take you through all the different parts of the process; how to set up a honeypot/honeynet, how to analyze an attack, what legal considerations have to be kept in mind, and examples of exploits that actually were recorded and analyzed.

While there are plenty of books that talk about computer security, there are few that show you how to take the offensive and learn first-hand how to analyze and understand real-life attacks. This is a unique offering that will have high appeal for the security professional looking for in-depth understanding of the attacker mindset.
2 of 3 people found the following review helpful
Well written, researched and titled May 30 2004
By Jack D. Herrington - Published on Amazon.com
This is a fascinating read about how understanding hacking, from gathering the data, to the forensic analysis. The second part, on the forensic analysis is very detailed and well written.
The root idea is very simple, put an attractive target on the Internet, wait until it's hacked (and it will be), and then analyze the attack. The first part of the book covers the construction of these attractive 'honeypots'. The second part covers how to analyze the inevitable attack. The third part, which is the most high level, is about the culture of hacking and hackers.
I would recommend this book to anyone involved in securing systems on the open internet who has a good understanding of the technology behind networking and operating systems.
Great Reference Tool June 8 2014
By Katherine Fournier - Published on Amazon.com
Verified Purchase
What's great: This book has a lot of scripting examples that can be used directly. Scripting and Windows personalities are thoroughly covered. Examples of how to apply this for network security and incidence response were greatly appreciated.
Could be improved: as an extreme novice, I would like more detailed step by step set up instructions
struggle against blackhats continues May 29 2004
By W Boudville - Published on Amazon.com
The Honeynet Project grew out of an informal group of computer experts who decided to take an active role in tracking breakins to computers. Existing countermeasures, like firewalls, and frequent patches of discovered firmware bugs, were fundamentally defensive. And did not actively try to understand the capabilities and intentions of the crackers/intruders/blackhats.

This second edition describes what they term Gen 2 Honeynets. These are more sophisticated than Gen 1 networks of honeypots, where a honeypot is a computer expressly deployed for blackhats to intrude upon. The book delves in some length on how to construct a honeypot and a honeynet. Various configurations are possible. A honeypot could mimic a Microsoft computer or a Solaris or linux machine. There is more emphasis on the actual machine being linux, because of the open source nature, which has led to tools like Snort, Ethereal and Sebeb being available. Indeed, Snort-Inline and Sebek were developed by this project.

Lots of craft keyboard sniffing (Sebek) and network sniffing (Ethereal). Plus, variant arrangements like having one computer pretend to be several honeypots are described. Or another, where a honeynet might be physically distant from the production net, but linked to it via a VPN.

All this is scarcely the last word. The blackhats will certainly devour this book to concoct their next generation techniques. You can safely predict an eventual third edition of this book.

Product Images from Customers

Search


Feedback