From Barnes & Noble
The Barnes & Noble Review
How do you know who’s attacking your systems, how they’re doing it, what’s driving them? Generally, you don’t. But what if you could watch crackers at your leisure, waiting to see what attracts them, how they behave, what strategies they use? Honeynets make this possible, and Know Your Enemy, Second Edition is the definitive guide to deploying and using them.
It’s written by the field’s leading experts: Lance Spitzner and the members of the Honeynet Project. In some cases, the inventors of specific honeynet technologies have written the corresponding chapters in this book.
Honeynets have come a long way since this book’s first edition. This edition is a nearly total rewrite. Those early honeynets -- now called “GenI” -- are still covered, because understanding them helps you understand what’s come since. But the focus is on the newer stuff.
You’ll learn about “GenII” honeynets that are easier to deploy, harder to detect, safer to maintain, and can capture the behavior of more sophisticated attackers. There’s a full chapter on virtual honeynets: self-contained honeynets that appear to be entire networks even though they’re deployed on one physical computer. Most powerful of all, there are distributed honeynets deployed across large networks or the Internet. These can capture a truly prodigious amount of data for early warning, prediction, trend analysis, and discovering new malware.
Once you’re running, there’s a full section on analysis: forensics for networks, Windows and Unix/Linux boxes; reverse engineering; centralized data collection, analysis, and correlation. Finally, if you’re even considering running a honeynet, you simply must read this book’s chapter on the relevant law.
Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2003 and Upgrading & Fixing Networks for Dummies, Second Edition.