Know Your Enemy: Learning About Security Threats

Overview

"The Honeynet guys have always been fighting the good fight: messing with the hackers' heads, learning what they're doing, collecting their tools and tricks, and sharing the knowledge with the rest of the good guys. It's one thing to sit around and try to guess what the hackers are up to, but the Honeynet Project just rolled up their sleeves and went on the offensive in their own unique way. Never before has being a victim been so cool! This book is a great resource for the serious information security professional and the beginning practitioner alike."
--Marcus J. Ranum, Senior Scientist, TruSecure Corp.

"The Honeynet Project is one of the best sources, if not the best source, for information about current techniques and trends in the blackhat community. They are also how-to experts in setting up and gathering information--safely--about these attackers. The Honeynet Project's ability and willingness to share cutting-edge information is an immeasurable benefit to the security community."
--Jennifer Kolde, security consultant, author, and instructor

"Know Your Enemy contains an incredible wealth of information, including legal and sociological topics, that set it apart from other security books. The scope of this book is broad, and while no one book can teach people everything they need to know on such a topic, this one covers the subject better than any other source I know. Know Your Enemy will help security professionals with specific technical information, and it will help more general readers better understand a topic they need to learn about."
--William Robinson, former security training program manager at Sun Microsystems, curriculum coordinator for Fire Protection Publications.

"This book will be an extremely useful tool in helping a network security administrator or professional assemble the technical tools needed to build, maintain, analyze, and learn from a honeynet within their organization. Each technical chapter goes into great detail on commands, log formats, configuration files, network design, etc. As a professional working with many of these technologies on a daily basis, it is exciting to see all of this information in one place. The knowledge and experience of the authors in working with and developing honeynets has grown noticeably since the first book was published. This is a very positive revision."
--Sean Brown, IT Director, Applied Geographics, Inc.

"With the drastic increase in the number of attacks, it is important to have more people within the security industry studying attacks and attackers' motives and sharing their results with the community. This book begins by teaching users whether they should install a honeypot, and then gives details and information about honeypots and how they can deploy them."
--Kirby Kuehl, Cisco Systems

"Know Your Enemy reveals truths about the blackhat community and shows readers how to fight off attacks. The authors contribute their own experiences and offer the curious reader a rainbow of ideas."
--Laurent Oudot, security engineer, CEA

"The Honeynet Project has been blazing a trail and providing a hard dose of reality that computer security needs. Get behind the fantasy and learn what the hackers are really doing. This is great cutting-edge stuff!"
--Marcus J. Ranum, senior scientist, TruSecure Corp.

For centuries, military organizations have relied on scouts to gather intelligence about the enemy. In the field of information security, few scouts have ever existed. Very few organizations today know who their enemies are, how they might attack, when they might attack, and, perhaps most important, why they attack.

If the blackhat community is the enemy, then the Honeynet Project is a most valuable ally. In this completely revised and greatly expanded follow-up to their groundbreaking book, Know Your Enemy, members of the Honeynet Project, the Alliance, and the community (including Lance Spitzner, Brian Carrier, Anton Chuvakin, Eric Cole, Yannis Corovesis, Max Kilger, and Rob Lee) provide an unrivaled "intelligence report" on those who use the Internet for destructive purposes. They also provide an in-depth guide to honeynets--high-interaction honeypots designed to capture extensive information on exactly how your enemies operate so you can protect your systems from them.

Inside, you'll find extensive information on:

  • How to plan, build, and maintain first- and second-generation, virtual, and distributed honeynets.
  • How to capture and analyze data through a honeynet, including the latest on reverse engineering and forensics for Windows, UNIX, and networks.
  • Understanding the enemy, including real examples of incidents and compromised systems, types of attacks, and profiling.

Aimed at security professionals, but containing much information that is relevant for those with less technical backgrounds, this book teaches the technical skills needed to study and learn from a blackhat attack.


Editorial Reviews

From Barnes & Noble
The Barnes & Noble Review
How do you know who’s attacking your systems, how they’re doing it, what’s driving them? Generally, you don’t. But what if you could watch crackers at your leisure, waiting to see what attracts them, how they behave, what strategies they use? Honeynets make this possible, and Know Your Enemy, Second Edition is the definitive guide to deploying and using them.

It’s written by the field’s leading experts: Lance Spitzner and the members of the Honeynet Project. In some cases, the inventors of specific honeynet technologies have written the corresponding chapters in this book.

Honeynets have come a long way since this book’s first edition. This edition is a nearly total rewrite. Those early honeynets -- now called “GenI” -- are still covered, because understanding them helps you understand what’s come since. But the focus is on the newer stuff.

You’ll learn about “GenII” honeynets that are easier to deploy, harder to detect, safer to maintain, and can capture the behavior of more sophisticated attackers. There’s a full chapter on virtual honeynets: self-contained honeynets that appear to be entire networks even though they’re deployed on one physical computer. Most powerful of all, there are distributed honeynets deployed across large networks or the Internet. These can capture a truly prodigious amount of data for early warning, prediction, trend analysis, and discovering new malware.

Once you’re running, there’s a full section on analysis: forensics for networks, Windows and Unix/Linux boxes; reverse engineering; centralized data collection, analysis, and correlation. Finally, if you’re even considering running a honeynet, you simply must read this book’s chapter on the relevant law.
--Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2003 and Upgrading & Fixing Networks for Dummies, Second Edition.


Product Details

  • ISBN-13: 9780321166463
  • Publisher: Addison-Wesley
  • Publication date: 5/21/2004
  • Edition description: REV
  • Edition number: 2
  • Pages: 800
  • Sales rank: 1,176,465
  • Product dimensions: 7.00 (w) x 9.05 (h) x 1.73 (d)

Meet the Author

The Honeynet Project is a nonprofit security research organization made up of volunteers. These volunteers are dedicated to learning the tools, tactics, and motives of the blackhat community and sharing lessons learned. The Honeynet Project has 30 members, and works with various other organizations through The Honeynet Research Alliance.


Read an Excerpt

To best defend yourself and to defeat your enemies, you must first understand them: who they are, how they operate, and why. Throughout the ages, countless armies have used this strategy of studying and understanding their enemies in order to defeat them. Just as this strategy was applicable in the days of Julius Caesar, Jan III Sobieski, and Genghis Khan, it can also be applied today in the world of cyberspace. However, whereas enemies of the past may have brandished swords and cannons, today's cyberspace enemies attempt to compromise, steal, or damage information resources using computers and Internet Protocol (IP) packets as their battlefields and weapons.

We all know that computers, networks, software applications, and the Internet have introduced opportunities to the world that no one thought possible. However, as is true with any technology, these same opportunities also carry risks. Whether they are called blackhats, hackers, crackers, disgruntled employees, insiders, or just plain attackers, technology has given these individuals a means to attack almost any resource in the world. While the computer systems and networks we rely on provide us with amazing power, these same systems and networks are static targets: In order to communicate with the rest of the world they must virtually "stay in one spot," which is a critical vulnerability. Blackhats can launch attacks against these information systems whenever they want, however they want, from wherever they want. In many ways, they have the initiative. No other technology has held such great potential for constructive purposes while at the same time giving attackers so much power to destroy that same potential. Thus, the Internet has created a global battlefield that spans not only governmental, military, and private enterprise sectors, but also the homes of millions of individual users.

Organizations, businesses, and individual computer owners spend millions of dollars each year to protect their computer resources against these attacks. Virus scanners, firewalls, intrusion detection systems (IDSs), encryption—all of these technologies and techniques are used to protect information systems against attacks. However, the bad guys still succeed, and their success is growing exponentially. One reason for this string of successes is that very few individuals or organizations have taken a step back to better understand who and what the nature of the threats are, how they operate, and why. Only when we are armed with this knowledge can we better defend against and defeat our enemies.

This book explains the nature of some of these very real threats and gives you the tools and techniques to better learn who your enemies are, how they operate, and why they choose to do so. To do this, we will teach you about "honeynets," a relatively new security technology made up of networks of systems that are designed to be compromised. When attackers break into a honeynet, their every activity, their every keystroke, email, and toolkit is captured, allowing you to see step-by-step how they operate. By learning how to analyze the data honeynets collect, you can better understand who your enemies are and know what you need to do to protect your systems from them.

The first book to discuss honeynets was the first edition of Know Your Enemy, written by Honeynet Project members in 2001. This book introduced the concepts of honeynets, how they worked, and how to analyze the information they captured. Since then, radical improvements have been made, not just in honeynet technology, but in deployment concepts and how to analyze the information collected by honeynets. Thus, the second edition of Know Your Enemy discusses the advances made since 2001. This new edition covers the older honeynet technologies covered in the first edition—now considered first-generation technologies—in greater detail, offers more examples, and introduces new tools for deploying and maintaining honeynets. Even more exciting, this second edition discusses new techniques and technologies never published before, including second-generation and distributed honeynets. Most of these new techniques have been tested and deployed by the Honeynet Project and Honeynet Research Alliance. The second edition also discusses data analysis in much greater detail, with entire chapters dedicated to Windows forensics, UNIX forensics, reverse engineering, and network forensics. All of this material is based on our experiences, with real-world examples to show you step-by-step all the issues involved.

Perhaps most exciting about the second edition is that each chapter is written by specific members of the Honeynet Project, Honeynet Research Alliance, and contributors—people who have developed and deployed the technologies the book discusses in the real world. These are people and organizations who have had their honeynets repeatedly attacked and have learned from their success and failures, and now hope to share their experience with you. We hope you find this book as exciting and fun as we have found our research to be.

Format of the Book

The format of this book is very similar to our first edition and is broken down into three main parts:


  • Honeynets, Chapters 1-8: In the first part, we discuss honeynets—what they are, their value, the different types, and how they work (in excruciating detail). We begin with the history of the Honeynet Project, then move onto what honeypots and honeynets are, their value, and the issues involved. We then discuss specific honeynet technologies (GenI and GenII) and move on to some more advanced deployments, such as virtual or distributed honeynets.
  • Analysis, Chapters 9-15: In the second part, we discuss how to analyze the data honeynets collect, including network and disk forensics and data analysis. We attempt to go into as much detail as possible, using real data from a variety of different attacks we have captured.
  • Examples, Chapters 16-20: In the third part, we cover what we have learned about common threats, using some examples of honeynets we have had compromised.

Finally, in Chapter 21, we finish the book up by discussing the future of this technology, and where it may be headed.

At the end of the book you will find several appendixes detailing configurations and data output from critical tools.

The Audience of This Book

Honeynets are used primarily for gathering information on threats. The information they collect has different value to different people, such as identifying insider threats, early warning and prediction, or intelligence gathering on specific new exploits, tools, or threats. This information can also shed light on the attackers themselves, revealing who is launching attacks, how they communicate, and what their motivations are. Thus, this book's target audience is security professionals—individuals who deal with attackers and have to protect their organizations on a daily basis.

Honeynets can capture and analyze information about attackers in both internal and external networks. Thus, in addition to security professionals, other organizations can benefit from this book. Security research organizations and universities can use the material in this book to conduct research on cyber threats using techniques that include content analysis or statistical analysis. Meanwhile, cyber attacks represent a serious threat against the critical information infrastructure of countries and governments, and cyber crime is a new threat law enforcement must deal with on a daily basis, with perpetrators being located all over the globe. Therefore, this book can also help government and law-enforcement organizations better understand and protect themselves against such threats by utilizing honeynets as a tool to identify, counter, and prosecute criminal activity. Military organizations will also find this book valuable, as cyber warfare has become a new, largely not understood, battleground, and honeynets can be deployed as a form of military intelligence. Finally, organizations and legal professionals will find Chapter 8 to be especially interesting, as it is one of the first definitive resources concerning the legal issues of honeynets, written by a member of the United States Department of Justice.

Companion CD-ROM

This book also comes with a companion CD-ROM, providing you with all the tools, materials, source code, and data captures discussed in the book. In addition, this CD provides the documentation, configuration files, and techniques for deploying honeynets, as well as the logs, network captures, and disk images of numerous attacks. Our goal is not just to educate you, but to provide you with the resources you need to gain hands-on experience.

Companion Web Site

The book also has a companion Web site (http://www.honeynet.org/book) whose purpose is to keep this material updated and to correct any discrepancies or mistakes identified in the book. For example, if any of the URLs mentioned in the book change, the book's Web site will provide you with updated links. In addition, you can visit the Web site to stay up-to-date with the latest in honeynet strategies.

Chapter References

At the end of this book you will find a Resources and References section. This section will list, by chapter, all references made by that chapter, and where the reader can find additional information about topics discussed in this book. Examples include Web sites, white papers, and other books.

Network Diagrams

Throughout this book you'll also find network diagrams demonstrating the deployment of honeynets. To help you better understand all the technologies involved, when possible we use different images for different types of systems. Honeynets consist of two different systems: those that you want to be attacked and those you do not. All production systems are illustrated as simple black and white computer objects. These are systems that you do not want to be attacked or compromised as they make up the internal architecture of a honeynet or are real-world production systems within an organization. Such systems include firewalls, intrusion detection sensors, and data collection systems.

Systems within honeynets that you do want to be attacked are illustrated throughout the book with gray shading going through the system. These systems are referred to as "honeypots."

About the Authors

As noted earlier, this book was written by members of the Honeynet Project, Honeynet Research Alliance, and active contributors. Each chapter was written by the members with the greatest experience in that area. These individuals are security professionals dedicated to learning more about the blackhat community and sharing the lessons they've learned. Each member brings unique skills and experiences to the table. For example, some members have extensive experience with Windows or UNIX forensics, others in reverse engineering, while still others have expertise in intrusion detection development, firewalls, network architecture, exploit analysis or in fields such as social psychology, statistics, foreign language translation, and profiling. The unique, multidisciplinary approach and expertise of these individuals combine to create an effective team, and we hope a very educational book. You will find the biographies of the authors involved in the creation of each chapter at the end of this book.


Table of Contents

Preface.

Foreword.

I. THE HONEYNET.

1. The Beginning.

The Honeynet Project.

The Honeynet Research Alliance.

Managing It All: Lessons We've Learned.

Summary.

2. Honeypots.

Definition of Honeypots.

Types of Honeypots.

Uses of Honeypots.

Summary.

3. Honeynets.

The Value of a Honeynet.

The Honeynet Architecture.

Risk.

Types of Honeynets.

Summary.

4. GenI Honeynets.

GenI Honeynet Architecture.

GenI Options for Data Control.

GenI Functionality for Data Capture.

A Complete GenI Honeynet Setup Example.

How It All Works Together: Example Attack Capture.

Summary.

5. GenII Honeynets.

GenII Honeynet Improvements.

GenII Honeynet Architecture.

GenII Data Control.

Data Capture.

GenII Honeynet Deployment.

Summary.

6. Virtual Honeynets.

What Is a Virtual Honeynet?

Self-Contained Virtual Honeynets.

Hybrid Virtual Honeynets.

Possible Implementation Solutions.

Summary.

7. Distributed Honeynets.

What Is a Distributed Honeynet?

Physical Distribution.

Honeypot Farms.

The Latency Problem.

Setting Up a Honeypot Farm.

Issues Common to All Distributed Honeynets.

Summary.

8. Legal Issues.

Monitoring Network Users.

Crime and the Honeynet.

Do No Harm: Liability to Others.

Summary.

II. THE ANALYSIS.

9. The Digital Crime Scene.

The Purpose and Value of Data Analysis.

Capturing Different Types of Data Within the Honeynet.

The Multiple Layers of Data Analysis and Their Value.

Summary.

10. Network Forensics.

Performing Network Forensics.

Network Traffic 101.

Capturing and Analyzing Network Traffic.

A Case Study from the Honeynet.

Analyzing Nonstandard Protocols.

Common Traffic Patterns for Forensic Analysts.

Passive Fingerprinting.

Summary.

11. Computer Forensics Basics.

Overview.

Analysis Environment.

Data Acquisition.

Summary.

12. UNIX Computer Forensics.

Linux Background.

Data Acquisition.

The Analysis.

Readiness Steps.

Summary.

13. Windows Computer Forensics.

Windows File Systems.

Data Acquisition.

Analysis of the System.

Analysis with Autopsy and the Sleuth Kit.

Summary.

14. Reverse Engineering.

Introduction.

Static Analysis.

Active Analysis.

A Walkthrough: The Honeynet Reverse Challenge.

Summary.

Further Reading.

15. Centralized Data Collection and Analysis.

Centralizing Data.

The Honeynet Security Console.

Summary.

III. THE ENEMY.

16. Profiling.

A Sociological Analysis of the Whitehat/Blackhat Community.

"A Bug's Life": The Birth, Life, and Death of an Exploit.

Intelligence-Based Information Security: Profiling and Much More.

Bringing It All Together.

Summary.

17. Attacks and Exploits: Lessons Learned.

Overview.

Types of Attacks.

Who Is Performing Attacks?

Common Steps to Exploiting a System.

Summary.

18. Windows 2000 Compromise and Analysis.

Honeypot Setup and Configuration.

Honeynet Setup and Configuration.

The Attack Log.

Threat Analysis/Profile.

Lessons Learned for Defense.

Lessons Learned About Attackers.

Summary.

19. Linux Compromise.

Honeynet Setup and Configuration.

Forensics Procedure.

The Days After.

Event Summary.

Summary.

20. Example of Solaris Compromise.

Honeynet Setup and Configuration.

The Events for Day 1.

Day 1 Summary of Events.

The Events for Day 3.

Day 3 Summary of Events.

Profiling of the Intruder.

Summary.

21. The Future.

Distributed Honeynets.

Advanced Threats.

Insider Threats.

Law Enforcement Applications.

Use and Acceptance.

Blackhat Response.

Summary.

Appendix A. IPTables Firewall Script.

Appendix B. Snort Configuration.

Appendix C. Swatch Configuration.

Appendix D. Network Configuration Summary.

Appendix E. Honeywall Kernel Configuration.

Appendix F. GenII rc.firewall Configuration.

Resources and References.

About the Authors.

Index.

Read More Show Less

Preface

To best defend yourself and to defeat your enemies, you must first understand them: who they are, how they operate, and why. Throughout the ages, countless armies have used this strategy of studying and understanding their enemies in order to defeat them. Just as this strategy was applicable in the days of Julius Caesar, Jan III Sobieski, and Genghis Khan, it can also be applied today in the world of cyberspace. However, whereas enemies of the past may have brandished swords and cannons, today's cyberspace enemies attempt to compromise, steal, or damage information resources using computers and Internet Protocol (IP) packets as their battlefields and weapons.

We all know that computers, networks, software applications, and the Internet have introduced opportunities to the world that no one thought possible. However, as is true with any technology, these same opportunities also carry risks. Whether they are called blackhats, hackers, crackers, disgruntled employees, insiders, or just plain attackers, technology has given these individuals a means to attack almost any resource in the world. While the computer systems and networks we rely on provide us with amazing power, these same systems and networks are static targets: In order to communicate with the rest of the world they must virtually "stay in one spot," which is a critical vulnerability. Blackhats can launch attacks against these information systems whenever they want, however they want, from wherever they want. In many ways, they have the initiative. No other technology has held such great potential for constructive purposes while at the same time giving attackers so much power to destroy that same potential. Thus, the Internet has created a global battlefield that spans not only governmental, military, and private enterprise sectors, but also the homes of millions of individual users.

Organizations, businesses, and individual computer owners spend millions of dollars each year to protect their computer resources against these attacks. Virus scanners, firewalls, intrusion detection systems (IDSs), encryption--all of these technologies and techniques are used to protect information systems against attacks. However, the bad guys still succeed, and their success is growing exponentially. One reason for this string of successes is that very few individuals or organizations have taken a step back to better understand who and what the nature of the threats are, how they operate, and why. Only when we are armed with this knowledge, can we better defend against and defeat our enemies.This book explains the nature of some of these very real threats and gives you the tools and techniques to better learn who your enemies are, how they operate, and why they choose to do so. To do this, we will teach you about "honeynets," a relatively new security technology made up of networks of systems that are designed to be compromised. When attackers break into a honeynet, their every activity, their every keystroke, email, and toolkit is captured, allowing you to see step-by-step how they operate. By learning how to analyze the data honeynets collect, you can better understand who your enemies are and know what you need to do to protect your systems from them.

The first book to discuss honeynets was the first edition of Know Your Enemy, written by Honeynet Project members in 2001. This book introduced the concepts of honeynets, how they worked, and how to analyze the information they captured. Since then, radical improvements have been made, not just in honeynet technology, but in deployment concepts and how to analyze the information collected by honeynets. Thus, the second edition of Know Your Enemy discusses the advances made since 2001. This new edition covers the older honeynet technologies covered in the first edition--now considered first-generation technologies--in greater detail, offers more examples, and introduces new tools for deploying and maintaining honeynets. Even more exciting, this second edition discusses new techniques and technologies never published before, including second-generation and distributed honeynets. Most of these new techniques have been tested and deployed by the Honeynet Project and Honeynet Research Alliance. The second edition also discusses data analysis in much greater detail, with entire chapters dedicated to Windows forensics, UNIX forensics, reverse engineering, and network forensics. All of this material is based on our experiences, with real-world examples to show you step-by-step all the issues involved.

Perhaps most exciting about the second edition is that each chapter is written by specific members of the Honeynet Project, Honeynet Research Alliance, and contributors--people who have developed and deployed the technologies the book discusses in the real world. These are people and organizations who have had their honeynets repeatedly attacked and have learned from their success and failures, and now hope to share their experience with you. We hope you find this book as exciting and fun as we have found our research to be.

Format of the Book

The format of this book is very similar to our first edition and is broken down into three main parts:

  • Honeynets, Chapters 1-8: In the first part, we discuss honeynets--what they are, their value, the different types, and how they work (in excruciating detail). We begin with the history of the Honeynet Project, then move onto what honeypots and honeynets are, their value, and the issues involved. We then discuss specific honeynet technologies (GenI and GenII) and move on to some more advanced deployments, such as virtual or distributed honeynets.
  • Analysis, Chapters 9-15: In the second part, we discuss how to analyze the data honeynets collect, including network and disk forensics and data analysis. We attempt to go into as much detail as possible, using real data from a variety of different attacks we have captured.
  • Examples, Chapters 16-20: In the third part, we cover what we have learned about common threats, using some examples of honeynets we have had compromised.

Finally, in Chapter 21, we finish the book up by discussing the future of this technology, and where it may be headed.

At the end of the book you will find several appendixes detailing configurations and data output from critical tools.

The Audience of This Book

Honeynets are used primarily for gathering information on threats. The information they collect has different value to different people, such as identifying insider threats, early warning and prediction, or intelligence gathering on specific new exploits, tools, or threats. This information can also shed light on the attackers themselves, revealing who is launching attacks, how they communicate, and what their motivations are. Thus, this book's target audience is security professionals--individuals who deal with attackers and have to protect their organizations on a daily basis.

Honeynets can capture and analyze information about attackers in both internal and external networks. Thus, in addition to security professionals, other organizations can benefit from this book. Security research organizations and universities can use the material in this book to conduct research on cyber threats using techniques that include content analysis or statistical analysis. Meanwhile, cyber attacks represent a serious threat against the critical information infrastructure of countries and governments, and cyber crime is a new threat law enforcement must deal with on a daily basis, with perpetrators being located all over the globe. Therefore, this book can also help government and law-enforcement organizations better understand and protect themselves against such threats by utilizing honeynets as a tool to identify, counter, and prosecute criminal activity. Military organizations will also find this book valuable, as cyber warfare has become a new, largely not understood, battleground, and honeynets can be deployed as a form of military intelligence. Finally, organizations and legal professionals will find Chapter 8 to be especially interesting, as it is one of the first definitive resources concerning the legal issues of honeynets, written by a member of the United States Department of Justice.

Companion CD-ROM

This book also comes with a companion CD-ROM, providing you with all the tools, materials, source code, and data captures discussed in the book. In addition, this CD provides the documentation, configuration files, and techniques for deploying honeynets, as well as the logs, network captures, and disk images of numerous attacks. Our goal is not just to educate you, but to provide you with the resources you need to gain hands-on experience.

Companion Web Site

The book also has a companion Web site (http://www.honeynet.org/book) whose purpose is to keep this material updated and to correct any discrepancies or mistakes identified in the book. For example, if any of the URLs mentioned in the book change, the book's Web site will provide you with updated links. In addition, you can visit the Web site to stay up-to-date with the latest in honeynet strategies.

Chapter References

At the end of this book you will find a Resources and References section. This section will list, by chapter, all references made by that chapter, and where the reader can find additional information about topics discussed in this book. Examples include Web sites, white papers, and other books.

Network Diagrams

Throughout this book you'll also find network diagrams demonstrating the deployment of honeynets. To help you better understand all the technologies involved, when possible we use different images for different types of systems. Honeynets consist of two different kinds of systems: those that you want to be attacked and those you do not. All production systems are illustrated as simple black and white computer objects. These are systems that you do not want to be attacked or compromised, as they make up the internal architecture of a honeynet or are real-world production systems within an organization. Such systems include firewalls, intrusion detection sensors, and data collection systems.

Systems within honeynets that you do want to be attacked are illustrated throughout the book with gray shading going through the system. These systems are referred to as "honeypots."

About the Authors

As noted earlier, this book was written by members of the Honeynet Project, Honeynet Research Alliance, and active contributors. Each chapter was written by the members with the greatest experience in that area. These individuals are security professionals dedicated to learning more about the blackhat community and sharing the lessons they've learned. Each member brings unique skills and experiences to the table. For example, some members have extensive experience with Windows or UNIX forensics, others in reverse engineering, while still others have expertise in intrusion detection development, firewalls, network architecture, exploit analysis or in fields such as social psychology, statistics, foreign language translation, and profiling. The unique, multidisciplinary approach and expertise of these individuals combine to create an effective team, and we hope a very educational book. You will find the biographies of the authors involved in the creation of each chapter at the end of this book.



Customer Reviews

Posted May 6, 2009

    Preoccupation with these endeavors could mean

Today we have broadened our horizons with this new technology called the internet. As with most new innovations the promise is to improve upon society. What this book points out is how the internet has proven to be a place where there is a growing fancy by governments, corporations, and everyday people to engage in practices of hacking, intrusion, repression, racism, far beyond the definitions of the past. The book points out how the motivating factors of greed, and control almost to a level of totalitarian extremes could in fact culminate in the utter destruction of societies on a global scale, and could bring the utter annihilation of the planet. Quite possibly the statement, "America will destroy itself from within", has changed to, "The world will destroy itself from within". This is where critical thinking, and global response is necessary in order to come full circle and understand what we might be doing to one another if the course of this history is not changed.

    This is my scholarly, and stoic point of view.

Anonymous, posted May 26, 2004

    The Struggle Continues

The Honeynet Project grew out of an informal group of computer experts who decided to take an active role in tracking break-ins to computers. Existing countermeasures, like firewalls and frequent patching of discovered bugs, were fundamentally defensive. And these did not actively try to understand the capabilities of the crackers/intruders/blackhats. This second edition describes what the authors call Gen 2 Honeynets. These are more sophisticated (than Gen 1) networks of honeypots, where a honeypot is a computer expressly deployed for blackhats to intrude upon. The book delves at some length into how to construct a honeypot and a honeynet. Various configurations are possible. A honeypot could mimic a Microsoft computer, or a Solaris or Linux box. There is more emphasis on the actual machine being Linux because of the open source nature, which has led to the development of tools like Snort, Ethereal and Sebek. Indeed, Snort-Inline and Sebek were developed by the Honeynet Project. The book talks about the crafty keyboard sniffing via Sebek, and the network sniffing using Ethereal. Plus, variant arrangements like having one computer pretend to be several honeypots are also discussed. Or, also, where a honeynet might be physically far from the production net (which is the actual computers for regular usage), but linked to it via a VPN. It turns out that in this case, if the honeynet is far enough away, if the blackhat does a ping and compares the times to those to the production net, she can quickly see a discrepancy. So she can suspect the presence of the honeynet. There appear to be more means to counteract this, as it is ultimately due to the speed of light constraint on signal speed. Overall, this book is scarcely the last word in fighting blackhats. The blackhats will certainly devour this book to concoct their next generation efforts. You can safely predict a third edition of this book.
