Honeypots: Tracking Hackers

Honeypots: Tracking Hackers

by Lance Spitzner
     
 

ISBN-10: 0321108957

ISBN-13: 9780321108951

Pub. Date: 09/28/2002

Publisher: Addison-Wesley

"The text is comprehensive, an honest survey of every honeypot technology I had ever heard of and a number I read about for the first time."
--Stephen Northcutt, The SANS Institute

"One of the great byproducts of Lance's work with honeypots and honeynets is that he's helped give us a much clearer picture of the hacker in action."

Overview

"The text is comprehensive, an honest survey of every honeypot technology I had ever heard of and a number I read about for the first time."
--Stephen Northcutt, The SANS Institute

"One of the great byproducts of Lance's work with honeypots and honeynets is that he's helped give us a much clearer picture of the hacker in action."
--From the Foreword by Marcus J. Ranum

"From the basics of shrink-wrapped honeypots that catch script kiddies to the detailed architectures of next-generation honeynets for trapping more sophisticated bad guys, this book covers it all....This book really delivers new information and insight about one of the most compelling information security technologies today."
--Ed Skoudis, author of Counter Hack, SANS instructor, and Vice President of Security Strategy for Predictive Systems

Honeypots are unique technological systems specifically designed to be probed, attacked, or compromised by an online attacker. Implementing a honeypot provides you with an unprecedented ability to take the offensive against hackers. Whether used as simple "burglar alarms," incident response systems, or tools for gathering information about hacker motives and tactics, honeypots can add serious firepower to your security arsenal.

Honeypots: Tracking Hackers is the ultimate guide to this rapidly growing, cutting-edge technology. The book starts with a basic examination of honeypots and the different roles they can play, and then moves on to in-depth explorations of six specific kinds of real-world honeypots: BackOfficer Friendly, Specter™, Honeyd, Homemade honeypots, ManTrap®, and Honeynets.

Honeypots also includes a chapter dedicated to legal issues surrounding honeypot use. Written with the guidance of three legal experts, this section explores issues of privacy, entrapment, and liability. The book also provides an overview of the Fourth Amendment, the Electronic Communications Privacy Act, the Wiretap Act, and the Pen/Trap Statute, with an emphasis on how each applies to honeypots.

With this book you will gain an understanding of honeypot concepts and architecture, as well as the skills to deploy the best honeypot solutions for your environment. You will arm yourself with the expertise needed to track attackers and learn about them on your own. Security professionals, researchers, law enforcement agents, and members of the intelligence and military communities will find this book indispensable.

0321108957B08282002

Product Details

ISBN-13:
9780321108951
Publisher:
Addison-Wesley
Publication date:
09/28/2002
Edition description:
BK&CD-ROM
Pages:
452
Product dimensions:
7.30(w) x 9.10(h) x 1.10(d)

Table of Contents

Foreword: Giving the Hackers a Kick Where It Hurts.

Preface.

1. The Sting: My Fascination with Honeypots.

The Lure of Honeypots.

How I Got Started with Honeypots.

Perceptions and Misconceptions of Honeypots.

Summary.

References.

2. The Threat: Tools, Tactics, and Motives of Attackers.

Script Kiddies and Advanced Blackhats.

Everyone Is a Target.

Methods of Attackers.

Targets of Opportunity.

Targets of Choice.

Motives of Attackers.

Adapting and Changing Threats.

Summary.

References.

3. History and Definition of Honeypots.

The History of Honeypots.

Early Publications.

Early Products.

Recent History: Honeypots in Action.

Definitions of Honeypots.

How Honeypots Work.

Two Examples of Honeypots.

Types of Honeypots.

Summmary.

References.

4. The Value of Honeypots.

Advantages of Honeypots.

Data Value.

Resources.

Simplicity.

Return on Investment.

Disadvantages of Honeypots.

Narrow Field of View.

Fingerprinting.

Risk.

The Role of Honeypots in Overall Security.

Production Honeypots.

Research Honeypots.

Honeypot Policies.

Summary.

References.

5. Classifying Honeypots by Level of Interaction.

Tradeoffs Between Levels of Interaction.

Low-Interaction Honeypots.

Medium-Interaction Honeypots.

High-Interaction Honeypots.

An Overview of Six Honeypots.

BackOfficer Friendly.

Specter.

Honeyd.

Homemade.

ManTrap.

Honeynets.

Summary.

Reference.

6. BackOfficer Friendly.

Overview of BOF.

The Value of BOF.

How BOF Works.

Installing, Configuring, and Deploying BOF.

Information Gathering and Alerting Capabilities.

Risk Associated with BOF.

Summary.

Tutorial.

Step 1—Installation.

Step 2—Configure.

Step 3—Netstat.

Step 4—Attack System.

Step 5—Review Alerts.

Step 6—Save Alerts.

References.

7. Specter.

Overview of Specter.

The Value of Specter.

How Specter Works.

Installing and Configuring Specter.

Operating System.

Character.

Services.

Intelligence, Traps, Password Types, and Notification.

Additional Options.

Starting the Honeypot.

Deploying and Maintaining Specter.

Information-Gathering and Alerting Capabilities.

Short Mail.

Alert Mail.

Log Analyzer.

Event Log.

Syslog.

Intelligence Gathering.

Risk Associated with Specter.

Summary.

References.

8. Honeyd.

Overview of Honeyd.

Value of Honeyd.

How Honeyd Works.

Blackholing.

ARP Spoofing.

ARP Proxy.

Responding to Attacks.

Installing and Configuring Honeyd.

Deploying and Maintaining Honeyd.

Information Gathering.

Risk Associated with Honeyd.

Summary.

References.

9. Homemade Honeypots.

An Overview of Homemade Honeypots.

Port Monitoring Honeypots.

The Value of Port Monitoring.

How Homemade Port Monitors Work.

Risk Associated with Homemade Port Monitors.

Jailed Environments.

The Value of Jails.

How Jails Work.

Installing and Configuring Jails.

Deploying and Maintaining Jails.

Information Gathering with Jails.

Risk Associated with Jails.

Summary.

References.

10. ManTrap.

Overview of ManTrap.

The Value of ManTrap.

Prevention.

Detection.

Response.

Research.

Nontraditional Applications.

Limitations.

How ManTrap Works.

Adjustments to the Kernel.

How ManTrap Handles the File System.

The Resulting Cages and Their Limitations.

Installing and Configuring ManTrap.

Building the Host System.

iButton and Configuration Options.

Client Administration.

Customizing the Cages.

Deploying and Maintaining ManTrap.

Information Gathering.

Data Capture in Practice: An Example Attack.

Viewing Captured Data

Data Capture at the Application Level.

File Recovery.

Using a Sniffer with ManTrap.

Using iButton for Data Integrity.

Risk Associated with ManTrap.

Summary.

References.

11. Honeynets.

Overview of Honeynets.

The Value of Honeynets.

Methods, Motives, and Evolving Tools.

Trend Analysis.

Incident Response.

Test Beds.

How Honeynets Work.

Controlling Data.

Capturing Data.

Collecting Data.

Honeynet Architectures.

GenI.

GenII.

Virtual Honeynets.

Sweetening the Honeynet.

Deploying and Maintaining Honeynets.

Information Gathering: An Example Attack.

Risk Associated with Honeynets.

Summary.

References.

12. Implementing Your Honeypot.

Specifying Honeypot Goals.

Selecting a Honeypot.

Interaction Level.

Commercial Versus Homemade Solutions.

Platform.

Determining the Number of Honeypots.

Selecting Locations for Deployment.

Placement for Prevention.

Placement for Detection.

Placement for Response

Placement for Research.

Implementing Data Capture.

Maximizing the Amount of Data.

Adding Redundancy to Data Capture.

IP Addresses Versus Resolved Names.

Logging and Managing Data.

Using NAT.

NAT and Private Addressing.

The Role of NAT with Honeypots.

Mitigating Risk.

Mitigating Fingerprinting.

Summary.

References.

13. Maintaining Your Honeypot.

Alert Detection.

Reliability of Alerts.

Critical Content.

Prioritizing Alerts.

Archiving.

Response.

Determining Reaction Practices and Roles.

Documenting Reaction Practices.

Remote Access and Data Control.

Data Analysis.

A Simple Scenario: Low-Interaction Honeypots.

A Complex Scenario: High-Interaction Honeypots.

Updates.

Summary.

References.

14. Putting It All Together.

Honeyp.com.

Matching Goals to Honeypot Solutions.

Deploying the Honeypots.

Maintaining the Honeypots.

Surviving and Responding to an Attack.

Honeyp.edu.

Matching Goals to Honeypot Solutions.

Deploying the Honeynet.

Maintaining the Honeynet.

Analyzing Attacks.

Summary.

References.

15. Legal Issues.

Are Honeypots Illegal?

Precedents.

Privacy.

The Fourth Amendment.

Stored Information: The Electronic Communications Privacy Act.

Real-Time Interception of Information: The Wiretap Act and the Pen/Trap Statute.

Entrapment.

Liability.

Summary.

References.

Resourcess.

16. Future of Honeypots.

From Misunderstanding to Acceptance.

Improving Ease of Use.

Easier Administration.

Prepackaged Solutions.

Closer Integration with Technologies.

Targeting Honeypots for Specific Purposes.

Expanding Research Applications.

Early Warning and Prediction.

Studying Advanced Attackers.

Identifying New Threats.

Deploying in Distributed Environments.

A Final Caveat.

Summary.

References.

Appendix A. BackOfficer Friendly ASCII File of Scans.

Appendix B. Snort Configuration File.

Appendix C. IP Protocols.

Appendix D. Definitions, Requirements, and Standards Document.

Appendix E. Honeynet Logs.

Index. 0321108957T09172002

Customer Reviews

Average Review:

Write a Review

and post it to your social network

     

Most Helpful Customer Reviews

See all customer reviews >