
Know Your Enemy: Learning about Security Threats (2nd Edition) [Paperback]

The Honeynet Project
4.7 out of 5 stars (3 customer reviews)
List Price: CDN$ 57.99
Price: CDN$ 36.53 & FREE Shipping
You Save: CDN$ 21.46 (37%)


Book Description

Published May 17 2004. ISBN-10: 0321166469; ISBN-13: 978-0321166463. 2nd edition.

"The Honeynet guys have always been fighting the good fight: messing with the hackers' heads, learning what they're doing, collecting their tools and tricks, and sharing the knowledge with the rest of the good guys. It's one thing to sit around and try to guess what the hackers are up to, but the Honeynet Project just rolled up their sleeves and went on the offensive in their own unique way. Never before has being a victim been so cool! This book is a great resource for the serious information security professional and the beginning practitioner alike."
--Marcus J. Ranum, Senior Scientist, TruSecure Corp.

"The Honeynet Project is one of the best sources, if not the best source, for information about current techniques and trends in the blackhat community. They are also how-to experts in setting up and gathering information--safely--about these attackers. The Honeynet Project's ability and willingness to share cutting-edge information is an immeasurable benefit to the security community."
--Jennifer Kolde, security consultant, author, and instructor

"Know Your Enemy contains an incredible wealth of information, including legal and sociological topics, that set it apart from other security books. The scope of this book is broad, and while no one book can teach people everything they need to know on such a topic, this one covers the subject better than any other source I know. Know Your Enemy will help security professionals with specific technical information, and it will help more general readers better understand a topic they need to learn about."
--William Robinson, former security training program manager at Sun Microsystems, curriculum coordinator for Fire Protection Publications.

"This book will be an extremely useful tool in helping a network security administrator or professional assemble the technical tools needed to build, maintain, analyze, and learn from a honeynet within their organization. Each technical chapter goes into great detail on commands, log formats, configuration files, network design, etc. As a professional working with many of these technologies on a daily basis, it is exciting to see all of this information in one place. The knowledge and experience of the authors in working with and developing honeynets has grown noticeably since the first book was published. This is a very positive revision."
--Sean Brown, IT Director, Applied Geographics, Inc.

"With the drastic increase in the number of attacks, it is important to have more people within the security industry studying attacks and attackers' motives and sharing their results with the community. This book begins by teaching users whether they should install a honeypot, and then gives details and information about honeypots and how they can deploy them."
--Kirby Kuehl, Cisco Systems

"Know Your Enemy reveals truths about the blackhat community and shows readers how to fight off attacks. The authors contribute their own experiences and offer the curious reader a rainbow of ideas."
--Laurent Oudot, security engineer, CEA

"The Honeynet Project has been blazing a trail and providing a hard dose of reality that computer security needs. Get behind the fantasy and learn what the hackers are really doing. This is great cutting-edge stuff!"
--Marcus J. Ranum, senior scientist, TruSecure Corp.

For centuries, military organizations have relied on scouts to gather intelligence about the enemy. In the field of information security, few scouts have ever existed. Very few organizations today know who their enemies are, how they might attack, when they might attack, and, perhaps most important, why they attack.

If the blackhat community is the enemy, then the Honeynet Project is a most valuable ally. In this completely revised and greatly expanded follow-up to their groundbreaking book, Know Your Enemy, members of the Honeynet Project, the Alliance, and the community (including Lance Spitzner, Brian Carrier, Anton Chuvakin, Eric Cole, Yannis Corovesis, Max Kilger, and Rob Lee) provide an unrivaled "intelligence report" on those who use the Internet for destructive purposes. They also provide an in-depth guide to honeynets--high-interaction honeypots designed to capture extensive information on exactly how your enemies operate so you can protect your systems from them.

Inside, you'll find extensive information on:

  • How to plan, build, and maintain first- and second-generation, virtual, and distributed honeynets.
  • How to capture and analyze data through a honeynet, including the latest on reverse engineering and forensics for Windows, UNIX, and networks.
  • Understanding the enemy, including real examples of incidents and compromised systems, types of attacks, and profiling.

Aimed at security professionals, but containing much information that is relevant for those with less technical backgrounds, this book teaches the technical skills needed to study and learn from a blackhat attack.






Product Description

From the Inside Flap

To best defend yourself and to defeat your enemies, you must first understand them: who they are, how they operate, and why. Throughout the ages, countless armies have used this strategy of studying and understanding their enemies in order to defeat them. Just as this strategy was applicable in the days of Julius Caesar, Jan III Sobieski, and Genghis Khan, it can also be applied today in the world of cyberspace. However, whereas enemies of the past may have brandished swords and cannons, today's cyberspace enemies attempt to compromise, steal, or damage information resources using computers and Internet Protocol (IP) packets as their battlefields and weapons.

We all know that computers, networks, software applications, and the Internet have introduced opportunities to the world that no one thought possible. However, as is true with any technology, these same opportunities also carry risks. Whether they are called blackhats, hackers, crackers, disgruntled employees, insiders, or just plain attackers, technology has given these individuals a means to attack almost any resource in the world. While the computer systems and networks we rely on provide us with amazing power, these same systems and networks are static targets: In order to communicate with the rest of the world they must virtually "stay in one spot," which is a critical vulnerability. Blackhats can launch attacks against these information systems whenever they want, however they want, from wherever they want. In many ways, they have the initiative. No other technology has held such great potential for constructive purposes while at the same time giving attackers so much power to destroy that same potential. Thus, the Internet has created a global battlefield that spans not only governmental, military, and private enterprise sectors, but also the homes of millions of individual users.

Organizations, businesses, and individual computer owners spend millions of dollars each year to protect their computer resources against these attacks. Virus scanners, firewalls, intrusion detection systems (IDSs), encryption--all of these technologies and techniques are used to protect information systems against attacks. However, the bad guys still succeed, and their success is growing exponentially. One reason for this string of successes is that very few individuals or organizations have taken a step back to better understand who and what the nature of the threats are, how they operate, and why. Only when we are armed with this knowledge, can we better defend against and defeat our enemies.

This book explains the nature of some of these very real threats and gives you the tools and techniques to better learn who your enemies are, how they operate, and why they choose to do so. To do this, we will teach you about "honeynets," a relatively new security technology made up of networks of systems that are designed to be compromised. When attackers break into a honeynet, their every activity, their every keystroke, email, and toolkit is captured, allowing you to see step-by-step how they operate. By learning how to analyze the data honeynets collect, you can better understand who your enemies are and know what you need to do to protect your systems from them.

The first book to discuss honeynets was the first edition of Know Your Enemy, written by Honeynet Project members in 2001. This book introduced the concepts of honeynets, how they worked, and how to analyze the information they captured. Since then, radical improvements have been made, not just in honeynet technology, but in deployment concepts and how to analyze the information collected by honeynets. Thus, the second edition of Know Your Enemy discusses the advances made since 2001. This new edition covers the older honeynet technologies covered in the first edition--now considered first-generation technologies--in greater detail, offers more examples, and introduces new tools for deploying and maintaining honeynets. Even more exciting, this second edition discusses new techniques and technologies never published before, including second-generation and distributed honeynets. Most of these new techniques have been tested and deployed by the Honeynet Project and Honeynet Research Alliance. The second edition also discusses data analysis in much greater detail, with entire chapters dedicated to Windows forensics, UNIX forensics, reverse engineering, and network forensics. All of this material is based on our experiences, with real-world examples to show you step-by-step all the issues involved.

Perhaps most exciting about the second edition is that each chapter is written by specific members of the Honeynet Project, Honeynet Research Alliance, and contributors--people who have developed and deployed the technologies the book discusses in the real world. These are people and organizations who have had their honeynets repeatedly attacked and have learned from their success and failures, and now hope to share their experience with you. We hope you find this book as exciting and fun as we have found our research to be.

Format of the Book

The format of this book is very similar to our first edition and is broken down into three main parts:

  • Honeynets, Chapters 1-8: In the first part, we discuss honeynets--what they are, their value, the different types, and how they work (in excruciating detail). We begin with the history of the Honeynet Project, then move onto what honeypots and honeynets are, their value, and the issues involved. We then discuss specific honeynet technologies (GenI and GenII) and move on to some more advanced deployments, such as virtual or distributed honeynets.
  • Analysis, Chapters 9-15: In the second part, we discuss how to analyze the data honeynets collect, including network and disk forensics and data analysis. We attempt to go into as much detail as possible, using real data from a variety of different attacks we have captured.
  • Examples, Chapters 16-20: In the third part, we cover what we have learned about common threats, using some examples of honeynets we have had compromised.

Finally, in Chapter 21, we finish the book up by discussing the future of this technology, and where it may be headed.

At the end of the book you will find several appendixes detailing configurations and data output from critical tools.

The Audience of This Book

Honeynets are used primarily for gathering information on threats. The information they collect has different value to different people, such as identifying insider threats, early warning and prediction, or intelligence gathering on specific new exploits, tools, or threats. This information can also shed light on the attackers themselves, revealing who is launching attacks, how they communicate, and what their motivations are. Thus, this book's target audience is security professionals--individuals who deal with attackers and have to protect their organizations on a daily basis.

Honeynets can capture and analyze information about attackers in both internal and external networks. Thus, in addition to security professionals, other organizations can benefit from this book. Security research organizations and universities can use the material in this book to conduct research on cyber threats using techniques that include content analysis or statistical analysis. Meanwhile, cyber attacks represent a serious threat against the critical information infrastructure of countries and governments, and cyber crime is a new threat law enforcement must deal with on a daily basis, with perpetrators being located all over the globe. Therefore, this book can also help government and law-enforcement organizations better understand and protect themselves against such threats by utilizing honeynets as a tool to identify, counter, and prosecute criminal activity. Military organizations will also find this book valuable, as cyber warfare has become a new, largely not understood, battleground, and honeynets can be deployed as a form of military intelligence. Finally, organizations and legal professionals will find Chapter 8 to be especially interesting, as it is one of the first definitive resources concerning the legal issues of honeynets, written by a member of the United States Department of Justice.

Companion CD-ROM

This book also comes with a companion CD-ROM, providing you with all the tools, materials, source code, and data captures discussed in the book. In addition, this CD provides the documentation, configuration files, and techniques for deploying honeynets, as well as the logs, network captures, and disk images of numerous attacks. Our goal is not just to educate you, but to provide you with the resources you need to gain hands-on experience. For example, if any of the URLs mentioned in the book change, the book's Web site will provide you with updated links. In addition, you can visit the Web site to stay up-to-date with the latest in honeynet strategies.

Chapter References

At the end of this book you will find a Resources and References section. This section will list, by chapter, all references made by that chapter, and where the reader can find additional information about topics discussed in this book. Examples include Web sites, white papers, and other books.

Network Diagrams

Throughout this book you'll also find network diagrams demonstrating the deployment of honeynets. To help you better understand all the technologies involved, when possible we use different images for different types of systems. Honeynets consist of two different systems: those that you want to be attacked and those you do not. All production systems are illustrated as simple black and white computer objects. These are systems that you do not want to be attacked or compromised as they make up the internal architecture of a honeynet or are real-world production systems within an organization. Such systems include firewalls, intrusion detection sensors, and data collection systems.

Systems within honeynets that you do want to be attacked are illustrated throughout the book with gray shading going through the system. These systems are referred to as "honeypots."

About the Authors

As noted earlier, this book was written by members of the Honeynet Project, Honeynet Research Alliance, and active contributors. Each chapter was written by the members with the greatest experience in that area. These individuals are security professionals dedicated to learning more about the blackhat community and sharing the lessons they've learned. Each member brings unique skills and experiences to the table. For example, some members have extensive experience with Windows or UNIX forensics, others in reverse engineering, while still others have expertise in intrusion detection development, firewalls, network architecture, exploit analysis or in fields such as social psychology, statistics, foreign language translation, and profiling. The unique, multidisciplinary approach and expertise of these individuals combine to create an effective team, and we hope a very educational book. You will find the biographies of the authors involved in the creation of each chapter at the end of this book.





Customer Reviews

Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.7 out of 5 stars (7 reviews)
4 of 4 people found the following review helpful
5.0 out of 5 stars Very good book! July 9 2004
By Amazon Customer - Published on Amazon.com
One of the most exciting areas to emerge in information security has been in the area of honeynets. These are networks designed to be compromised and capture all of the tools and activity of attackers.
The Honeynet Project is a volunteer organization dedicated to researching and learning cyber-threats, and sharing our lessons learned. The project is made up of 30 security professionals around the world. They learn about cyber-threats by deploying networks around the world to be compromised. Once compromised, they capture all of the attacker's tools and activity, analyze, and learn from that. The value to this research is there is very little theory involved, they are capturing and seeing what is happening in the Internet today.
Very neat!
A honeynet is the primary tool used to capture attackers' activity. It is a type of honeypot, specifically a high-interaction honeypot. As a honeypot, honeynets work on the concept that they should not see any activity; no one has authorization to interact with them. As a result, any inbound or outbound connections to the honeynet are most likely unauthorized activity. This simple concept makes it highly effective in detecting and capturing both known and unknown activity. Honeynets work as a highly controlled network made up of real systems and applications for attackers to probe and compromise.
The book is about honeynets, how to use them, and what you can learn. The book is broken into three parts. The first part is focused on what honeynets are, how they work, the different types, and technical details on how you can deploy them safely. The second part focuses on how to analyze all the different data a honeynet can collect (network and host based forensics, reverse engineering, centralized data correlation, etc). The third part is specific examples of several honeynets being hacked, including Win2000, Linux, and Solaris. What makes the book so interesting is it ties all these different elements together. You can learn more at [...]
The book was not written by a single individual, but by leading experts in their field. They attempted to combine the best experiences and skills from some of the leading individuals. The book was organized by the Honeynet Project, but the contributing authors include members of the Honeynet Research Alliance, individuals from the Department of Justice, and others who have helped us in the past and wanted to contribute. Some examples of authors include Honeynet Project members Brian Carrier, who wrote several chapters, and Max Kilger, who wrote about profiling. Honeynet Research Alliance members include the Greek Honeynet Project writing about hacked Linux systems, and the Mexican Honeynet Project writing about hacked Solaris systems. They also had outside experts help out, including Richard Salgado of the DoJ writing about legal issues, and Dion Mendel from Australia writing about Reverse Engineering.
-- To defend against your threats, you have to first know who your enemy is -- I recommend this book!
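The review above rests on the one rule that makes a honeynet useful as a sensor: nothing is authorised to talk to it, so every flow touching it is worth an alert, and a honeypot that starts connections outward is the strongest signal that it has been compromised. The following Python is an added example written for this page, not code from the book or the Honeynet Project, showing that triage over constructed flow records. Everything in it is a hypothetical assumption: the honeynet occupies 192.0.2.0/24 (a documentation range), records arrive one per line as "timestamp proto src:port -> dst:port", and more than OUTBOUND_LIMIT outbound connections from one honeypot is treated as evidence of compromise. Malformed lines are counted and skipped rather than allowed to abort the pass.

```python
"""Added example: an "any traffic is suspect" triage pass over honeynet flow records.

Illustrative code written for this page, not code from the book or the Honeynet
Project. Hypothetical assumptions: the honeynet occupies 192.0.2.0/24 (an RFC 5737
documentation range), flow records arrive one per line as
"timestamp proto src:port -> dst:port", and more than OUTBOUND_LIMIT outbound
connections from one honeypot in the sample is treated as evidence of compromise.
"""
import ipaddress
import re
from collections import Counter

HONEYNET = ipaddress.ip_network("192.0.2.0/24")  # hypothetical honeynet range
OUTBOUND_LIMIT = 3                                # hypothetical per-honeypot threshold

# Constructed sample flow records (not real captures). 192.0.2.10 is a honeypot;
# 203.0.113.7 probes it, then the honeypot itself starts connecting outward.
SAMPLE_FLOWS = """\
2004-05-20T10:00:01 TCP 203.0.113.7:51234 -> 192.0.2.10:22
2004-05-20T10:00:05 TCP 203.0.113.7:51235 -> 192.0.2.10:80
2004-05-20T10:01:12 TCP 192.0.2.10:40001 -> 198.51.100.5:6667
2004-05-20T10:01:13 TCP 192.0.2.10:40002 -> 198.51.100.5:6667
2004-05-20T10:01:14 TCP 192.0.2.10:40003 -> 198.51.100.9:80
2004-05-20T10:01:15 UDP 192.0.2.10:40004 -> 198.51.100.9:53
2004-05-20T10:02:00 TCP 198.51.100.20:4444 -> 198.51.100.21:445
this line is malformed and must be skipped, not crash the pass
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>TCP|UDP|ICMP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_flow(line):
    """Parse one flow record; return None for anything that does not match."""
    m = FLOW_RE.match(line.strip())
    if m is None:
        return None
    try:
        return {
            "ts": m["ts"],
            "proto": m["proto"],
            "src": ipaddress.ip_address(m["src"]),
            "sport": int(m["sport"]),
            "dst": ipaddress.ip_address(m["dst"]),
            "dport": int(m["dport"]),
        }
    except ValueError:  # e.g. an octet above 255
        return None


def classify(flow):
    """Honeynets carry no authorised traffic, so direction alone sets severity."""
    src_in = flow["src"] in HONEYNET
    dst_in = flow["dst"] in HONEYNET
    if src_in and dst_in:
        return "internal"   # honeypot talking to honeypot: lateral movement
    if src_in:
        return "outbound"   # honeypot initiating a connection: likely compromised
    if dst_in:
        return "inbound"    # someone probing or attacking a honeypot
    return None             # production traffic; outside the honeynet's scope


def analyze(text):
    """Triage a block of flow records and summarise what the honeynet saw."""
    alerts = []
    outbound_per_host = Counter()
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow is None:
            skipped += 1
            continue
        direction = classify(flow)
        if direction is None:
            continue
        alerts.append({
            "ts": flow["ts"],
            "direction": direction,
            "src": str(flow["src"]),
            "dst": str(flow["dst"]),
            "dport": flow["dport"],
        })
        if direction == "outbound":
            outbound_per_host[str(flow["src"])] += 1
    suspected = sorted(h for h, n in outbound_per_host.items() if n > OUTBOUND_LIMIT)
    return {"alerts": alerts, "skipped": skipped, "suspected_compromised": suspected}


if __name__ == "__main__":
    report = analyze(SAMPLE_FLOWS)
    for a in report["alerts"]:
        print(f'{a["ts"]} {a["direction"]:8} {a["src"]} -> {a["dst"]}:{a["dport"]}')
    print("skipped malformed lines:", report["skipped"])
    print("suspected compromised honeypots:", report["suspected_compromised"])
```

On the constructed sample the pass raises six alerts (two inbound probes, four outbound connections), ignores the production-only flow, skips the malformed line, and names 192.0.2.10 as suspected compromised because its outbound count exceeds the threshold. The split between inbound and outbound mirrors the data-control idea the review alludes to: inbound traffic is the honeynet doing its job, outbound traffic is the moment an operator has to act.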
6 of 7 people found the following review helpful
5.0 out of 5 stars Fills a unique niche... Aug. 1 2004
By Thomas Duff - Published on Amazon.com
Most of the time, your only close-up view of a computer attack is trying to sort out how someone compromised your production system. But there is a way to get hands-on experience with attack analysis, and Know Your Enemy - Learning About Security Threats by The Honeynet Project (Addison-Wesley) shows you how.

The chapter breakout: The Beginning; Honeypots; Honeynets; Gen1 Honeynets; Gen2 Honeynets; Virtual Honeynets; Distributed Honeynets; Legal Issues; The Digital Crime Scene; Network Forensics; Computer Forensics Basics; UNIX Computer Forensics; Windows Computer Forensics; Reverse Engineering; Centralized Data Collection and Analysis; Profiling; Attacks and Exploits: Lessons Learned; Windows 2000 Compromise and Analysis; Linux Compromise; Example of Solaris Compromise; The Future; IPTables Firewall Script; Snort Configuration; Swatch Configuration; Network Configuration Summary; Honeywall Kernel Configuration; Gen2 rc.firewall Configuration; Resources and References; About The Authors; Index

If you're not familiar with the concept, a honeypot is a computer set up to gain the attention of network intruders. The concept is that the intruder will spend time with that box and leave the rest of the network alone. A honeynet is the same thing but only at a network level. The authors of this book are experts at setting up these kind of systems in order to see how attackers work and discover new exploits before they are used against actual production systems. They take you through all the different parts of the process; how to set up a honeypot/honeynet, how to analyze an attack, what legal considerations have to be kept in mind, and examples of exploits that actually were recorded and analyzed.

While there are plenty of books that talk about computer security, there are few that show you how to take the offensive and learn first-hand how to analyze and understand real-life attacks. This is a unique offering that will have high appeal for the security professional looking for in-depth understanding of the attacker mindset.
2 of 3 people found the following review helpful
5.0 out of 5 stars Well written, researched and titled May 30 2004
By Jack D. Herrington - Published on Amazon.com
This is a fascinating read about understanding hacking, from gathering the data to the forensic analysis. The second part, on the forensic analysis, is very detailed and well written.
The root idea is very simple, put an attractive target on the Internet, wait until it's hacked (and it will be), and then analyze the attack. The first part of the book covers the construction of these attractive 'honeypots'. The second part covers how to analyze the inevitable attack. The third part, which is the most high level, is about the culture of hacking and hackers.
I would recommend this book to anyone involved in securing systems on the open internet who has a good understanding of the technology behind networking and operating systems.
4.0 out of 5 stars Great Reference Tool June 8 2014
By Katherine Fournier - Published on Amazon.com
Verified Purchase
What's great: This book has a lot of scripting examples that can be used directly. Scripting and Windows personalities are thoroughly covered. Examples of how to apply this for network security and incidence response were greatly appreciated.
Could be improved: as an extreme novice, I would like more detailed step-by-step setup instructions.
4.0 out of 5 stars struggle against blackhats continues May 29 2004
By W Boudville - Published on Amazon.com
The Honeynet Project grew out of an informal group of computer experts who decided to take an active role in tracking break-ins to computers. Existing countermeasures, like firewalls, and frequent patches of discovered firmware bugs, were fundamentally defensive, and did not actively try to understand the capabilities and intentions of the crackers/intruders/blackhats.

This second edition describes what they term Gen 2 Honeynets. These are more sophisticated than Gen 1 networks of honeypots, where a honeypot is a computer expressly deployed for blackhats to intrude upon. The book delves at some length into how to construct a honeypot and a honeynet. Various configurations are possible. A honeypot could mimic a Microsoft computer or a Solaris or Linux machine. There is more emphasis on the actual machine being Linux, because of the open source nature, which has led to tools like Snort, Ethereal and Sebek being available. Indeed, Snort-Inline and Sebek were developed by this project.

Lots of craft keyboard sniffing (Sebek) and network sniffing (Ethereal). Plus, variant arrangements like having one computer pretend to be several honeypots are described. Or another, where a honeynet might be physically distant from the production net, but linked to it via a VPN.

All this is scarcely the last word. The blackhats will certainly devour this book to concoct their next generation techniques. You can safely predict an eventual third edition of this book.