- Paperback: 352 pages
- Publisher: Addison-Wesley Professional; 1 edition (Aug 31 2001)
- Language: English
- ISBN-10: 0201746131
- ISBN-13: 978-0201746136
- Product Dimensions: 23.5 x 18.8 x 2.3 cm
- Shipping Weight: 726 g
- Average Customer Review: 4.0 out of 5 stars See all reviews (23 customer reviews)
- Amazon Bestsellers Rank: #1,385,769 in Books (See Top 100 in Books)
- See Complete Table of Contents
|
||||||||||||||||||
|
||||||||||||||||||
|
||||||||||||||||||
| |||||||||||||||
Product Details |
Product Description
Book Description
This book shares the lessons of the Honeynet Project, in which leading security professionals built networks designed to be compromised. From this they learned everything possible from the "blackhat" hackers who took the bait- their tools, their tactics, and their motives. The insights in this book will go a long way towards helping security professionals protect their networks against real attacks. If thats not enough, the book shows you how to build your own honeynet, learning even more about todays most significant exploits -- and tomorrows. Lance Spitzer, leader of The Honeynet Project, begins by introducing honeynets and honeypots (the parts that make up the honeynet network), explaining how they work, and showing how to build one. Next, Know Your Enemy focuses on an in-depth analysis of attacks, including detailed analyses of compromised systems, and techniques for containing blackhat hackers while you gather evidence and work to identify them. Part III takes you into the minds of the blackhat hackers, focusing on the evidence left by actual attacks -- not theory or speculation. For all computer security specialists, and network and system administrators concerned with intrusion detection and security.
From the Inside Flap
Have you ever wondered what motivates blackhats, often called hackers, to attack, compromise, and exploit systems or what hackers do once they own them? Well, the purpose of this book is to teach you about this enemy, aka the blackhat. These individuals are attempting to use Internet technology to carry out illegal, destructive, or unauthorized activities. This activity could be as simple as a teenager attempting to vandalize Web sites, a sophisticated attempt at compromising credit card companies, or terrorist attacks against a country's infrastructure. Regardless of who you are--a homeowner with a cable modem connection, a security administrator for a large organization, or an information warfare officer for the military--these threats are for real. This book will teach you the tools, tactics, and motives of these threats: to know your enemy.
This book is the result of a 2-year project known as the Honeynet Project. What makes our research unique is that we let the blackhat community teach us how they operate. Instead of trying to guess who the enemy is and to develop theories on how blackhats think and operate, we have them teach us their tools, tactics, and motives. Our primary method for learning is the Honeynet, a collection of production systems designed to be compromised. When the bad guys probe, attack, and compromise our systems, we watch and learn from their every step. In the past two years, we have learned a great deal from having had numerous systems probed, attacked, and compromised. This book is an attempt to share those lessons.This site will contain any additional information relative to this book, such as corrections or updates, and unabridged text of the chat sessions in Chapter 11.
For those of you without a technical background, this book will show you in simple terms how the bad guys accomplish what they do. You do not have to understand all the technical details to learn how the enemy operates and thinks. We will also teach you some of the technical skills necessary to study an attack and to learn from it. For those of you with technical backgrounds, we will develop your skill sets in capturing and analyzing data, such as forensic analysis. However, the end goal is the same regardless of your skill set: to teach you what we have learned about the blackhat community and how we learned it. We hope that by better understanding the enemy, you can better defend against attack.
This book has three parts. In Part I, we cover step-by-step how we plan, build, and maintain a Honeynet and the risk/issues involved. In Part II, we show you step-by-step how we use a Honeynet and how we learn from it, specifically, data analysis. In Part III, we cover what we have learned about the blackhat community, including several specific examples of compromised honeypots. We discuss as little theory as possible, instead focusing on the actions of the blackhats we have witnessed and the lessons we have learned. We hope that you learn as much from this book as we have learned from the blackhat community.
0201746131P08212001
Tag this product(What's this?)Think of a tag as a keyword or label you consider is strongly related to this product.
Tags will help all customers organize and find favorite items. |
Customer Reviews
|
Share your thoughts with other customers:
|
||||||||||||||||||||||
|
Most helpful customer reviews
5.0 out of 5 stars
Very good book!,
By "haddad_i" (Montreal, Canada) - See all my reviews
This review is from: Know Your Enemy: Learning about Security Threats (Paperback)
One of most exciting areas to emerge in information security has been in the area of honeynets. These are networks designed to be compromised and capture all of the tools and activity of attackersThe Honeynet Project is a volunteer organization dedicated to researching and learning cyber-threats, and sharing our lessons learned. The project is made up of 30 security professionals around the world. They learn about cyber-threats by deploying networks around the world to be compromised. Once compromised, they capture all of the attacker's tools and activity, analyze, and learn from that. The value to this research is there is very little theory involved, they are capturing and seeing what is happening in the Internet today. Very neat! A honeynet is the primary tool used to capture attacker's activity. It is a type of honeypot, specifically a high-interaction honeypot. As a honeypot, honeynets work on the concept that they should not see any activity, no one has authorization to interact with them. As a result, any inbound or outbound connections to the honeynet is most likely unauthorized activity. This simple concept makes it highly effective in detecting and capturing both known and unknown activity. Honeynets work as a highly controlled network made up of real systems and applications for attackers to probe and compromise. The book is about honeynets, how to use them, and what you can learn. The book is broken into three parts. The first part is focused on what honeynets are, how they work, the different types, and technical details on how you can deploy them safely. The second part focuses on how to analyze all the different data a honeynet can collect (network and host based forensics, reverse engineering, centralized data correlation, etc). The third part is specific examples of several honeynets being hacked, including Win2000, Linux, and Solaris. What makes the book so interesting is it ties all these different elements together. You can learn more at http://www.honeynet.org/book/ The book was not written by a single individual, but by leading experts in their field. They attempted to combine the best experiences and skills from some of the leading individuals. The book was organized by the Honeynet Project, but the contributing authors include members of the Honeynet Research Alliance, individuals from the Department of Justice, and others who have helped us in the past and wanted to contribute. Some examples of authors include Honeynet Project members Brian Carrier who wrote several chapters and Max Kilger who wrote about profiling. Honeynet Research Alliance members include the work of the Greek Honeynet Project writing about hacked Linux systems, and the Mexican Honeynet Project writing about hacked Solaris systems. They also had outside experts help out, including Richard Salgado of the DoJ author about legal issues, and Dion Mendel from Australia write about Reverse Engineering. -- To defend against your threats, you have to first know who your enemy is -- I recommend this book!
5.0 out of 5 stars
Well written, researched and titled,
By
This review is from: Know Your Enemy: Learning about Security Threats (Paperback)
This is a fascinating read about how understanding hacking, from gathering the data, to the forensic analysis. The second part, on the forensic analysis is very detailed and well written.The root idea is very simple, put an attractive target on the Internet, wait until it's hacked (and it will be), and then analyze the attack. The first part of the book covers the construction of these attractive 'honeypots'. The second part covers how to analyze the inevitable attack. The third part, which is the most high level, is about the culture of hacking and hackers. I would recommend this book to anyone involved in securing systems on the open internet who has a good understanding of the technology behind networking and operating systems.
4.0 out of 5 stars
The struggle against blackhats continues,
By
This review is from: Know Your Enemy: Learning about Security Threats (Paperback)
[This is a review of the Second Edition, May 2004.]The Honeynet Project grew out of an informal group of computer experts who decided to take an active role in tracking breakins to computers. Existing countermeasures, like firewalls, and frequent patches of discovered firmware bugs, were fundamentally defensive. And did not actively try to understand the capabilities and intentions of the crackers/intruders/blackhats. This second edition describes what they term Gen 2 Honeynets. These are more sophisticated than Gen 1 networks of honeypots, where a honeypot is a computer expressly deployed for blackhats to intrude upon. The book delves in some length on how to construct a honeypot and a honeynet. Various configurations are possible. A honeypot could mimic a Microsoft computer or a Solaris or linux machine. There is more emphasis on the actual machine being linux, because of the open source nature, which has led to tools like Snort, Ethereal and Sebeb being available. Indeed, Snort-Inline and Sebek were developed by this project. Lots of craft keyboard sniffing (Sebek) and network sniffing (Ethereal). Plus, variant arrangements like having one computer pretend to be several honeypots are described. Or another, where a honeynet might be physically distant from the production net, but linked to it via a VPN. All this is scarcely the last word. The blackhats will certainly devour this book to concoct their next generation techniques. You can safely predict an eventual third edition of this book.
Share your thoughts with other customers: Create your own review
Want to see more reviews on this item?
|
Most recent customer reviews |
Listmania!
Look for similar items by category
- Books > Computers & Internet > Business & Culture > Hacking
- Books > Computers & Internet > Business & Culture > Privacy
- Books > Computers & Internet > Business & Culture > Security
- Books > Computers & Internet > Certification Central > Exams > Security+
- Books > Computers & Internet > Computer Science > Software Engineering > Information Systems
- Books > Computers & Internet > Networking > Network Security
- Books > Computers & Internet > Networking > Networks, Protocols & APIs
- Books > Computers & Internet > Web Development > Security & Encryption > Encryption
Look for similar items by subject
Feedback
Would you like to update product info or give feedback on images?
