

Honeypots: Tracking Hackers
Lance Spitzner
Addison-Wesley, Paperback, Bk&CD edition, Published September 2002, 452 pages, ISBN 0321108957
List Price: $44.99
Our Price: $28.50
You Save: $16.49 (37% Off)


Availability: Out-Of-Stock

Customer Reviews: 1     Average Customer Rating:


Table of Contents

Foreword.
Preface.
1. The Sting: My Fascination with Honeypots.

The Lure of Honeypots.
How I Got Started with Honeypots.
Perceptions and Misconceptions of Honeypots.

2. The Threat: Tools, Tactics and Motives of Attackers.
Script Kiddies and Advanced Blackhats.
Everyone is a Target.
Methods of Attackers.
Targets of Opportunity.
Targets of Choice.

Motives of Attackers.
Adapting and Changing Threats.

3. History and Definition of Honeypots.
The History of Honeypots.
Early Publications.
Early Products.
Recent History: Honeypots in Action.

Definitions of Honeypots.
How Honeypots Work.
Types of Honeypots.


4. The Value of Honeypots.
Advantages of Honeypots.
Resources.
Simplicity.
Return on Investment.

Disadvantages of Honeypots.
Narrow Field of View.
Fingerprinting.
Risk.

The Role of Honeypots in Overall Security.
Production Honeypots.
Research Honeypots.
Honeypot Policies.


5. Classifying Honeypots by Level of Interaction.
Tradeoffs between Levels of Interaction.
Low Interaction Honeypots.
Medium Interaction Honeypots.
High Interaction Honeypots.
An Overview of Six Honeypots.
Back Officer Friendly.
Specter.
Honeyd.
Homemade.
ManTrap.
Honeynets.


6. Back Officer Friendly.
Overview of BOF.
The Value of BOF.
How BOF Works.
Installing, Configuring and Deploying BOF.
Information Gathering and Alerting Capabilities.
Risk Associated with BOF.

7. Specter.
Overview of Specter.
The Value of Specter.
How Specter Works.
Installing and Configuring Specter.
Operating System.
Character.
Services.
Intelligence, Traps, Password Types and Notification.
Additional Options.
Starting the.

Deploying and Maintaining Specter.
Information Gathering and Alerting Capabilities.
Short Mail.
Alert Mail.
Log Analyzer.
Event Log.
Syslog.
Intelligence Gathering.

Risk Associated with Specter.

8. Honeyd.
Overview of Honeyd.
Value of Honeyd.
How Honeyd Works.
Blackholing.
ARP Spoofing.
ARP Proxy.
Responding to Attacks.

Installing and Configuring Honeyd.
Deploying and Maintaining Honeyd.
Information Gathering.
Risk Associated with Honeyd.

9. Homemade Honeypots.
An Overview of Homemade Honeypots.
Port Monitoring Honeypots.
The Value of Port Monitoring.
How Homemade Port Monitors Work.
Risk Associated with Homemade Port Monitors.

Jail Environments.
The Value of Jails.
How Jails Work.
Installing and Configuring Jails.
Deploying and Maintaining Jails.
Information Gathering with Jails.
Risk Associated with Jails.


10. ManTrap.
An Overview of ManTrap.
The Value of ManTrap.
Prevention.
Detection.
Response.
Research.
Non-Traditional Applications.
Limitations.

How ManTrap Works.
Adjustments to the Kernel.
How ManTrap Handles the File System.
The Resulting Cages and Their Limitations.

Installing and Configuring ManTrap.
Building the Host System.
iButton and Configuration Options.
Client Administration.
Customizing the Cages.

Deploying and Maintaining ManTrap.
Information Gathering.
Data Capture in Practice: An Example Attack.
Viewing Captured Data.
Data Capture at the Application Level.
File Recovery.
Using a Sniffer with ManTrap.
Using iButton for Data Integrity.

Risk Associated with ManTrap.

11. Honeynets.
Overview of Honeynets.
The Value of Honeynets.
Methods, Motives and Evolving Tools.
Trend Analysis.
Incident Response.
Test Beds.

How Honeynets Work.
Controlling Data.
Capturing Data.
Collecting Data.

Honeynet Architectures.
GenI.
GenII.
Virtual Honeynets.

Sweetening the Honeynet.
Deploying and Maintaining Honeynets.
Information Gathering: An Example Attack.
Risk Associated with Honeynets.

12. Implementing Your Honeypot.
Specifying Honeypot Goals.
Selecting a Honeypot.
Interaction Level.
Commercial versus Homemade Solutions.
Platform.

Determining the Number of Honeypots.
Selecting Locations for Deployment.
Placement for Prevention.
Placement for Detection.
Placement for Response.
Placement for Research.

Implementing Data Capture.
Maximizing the Amount of Data.
Adding Redundancy to Data Capture.
IP Addresses versus Resolved Names.

Logging and Managing Data.
Using NAT.
NAT and Private Addressing.
The Role of NAT with Honeypots.

Mitigating Risk.
Mitigating Fingerprinting.

13. Maintaining Your Honeypot.
Alert Detection.
Reliability of Alerts.
Critical Content.
Prioritizing Alerts.
Archiving.

Response.
Determining Reaction Practices and Roles.
Documenting Reaction Practices.
Remote Access and Data Control.

Data Analysis.
A Simple Scenario: Low-Interaction Honeypots.
A Complex Scenario: High-Interaction Honeypots.

Updates.

14. Putting it All Together.
Honeyp.com.
Matching Goals to Honeypot Solutions.
Deploying the Honeypots.
Maintaining the Honeypots.
Surviving and Responding to an Attack.

Honeyp.edu.
Matching Goals to Honeypot Solutions.
Deploying the Honeynet.
Maintaining the Honeynet.
Analyzing Attacks.


15. Legal Issues.
Are Honeypots Illegal?
Precedents.
Privacy.
The Fourth Amendment.

Stored Information: The Electronic Communications Privacy Act.
Real Time Interception of Information: The Wiretap Act and the Pen/Trap Statute.

Entrapment.
Liability.

16. Future of Honeypots.
From Misunderstanding to Acceptance.
Improving Ease of Use.
Easier Administration.
Pre-packaged Solutions.

Closer Integration with Technologies.
Targeting Honeypots for Specific Purposes.
Expanding Research Applications.
Early Warning and Prediction.
Studying Advanced Attackers.
Identifying New Threats.
Deploying in Distributed Environments.

A Final Caveat.

Appendix A: BackOfficer Friendly ASCII File of Scans.
Appendix B: Snort Configuration File.
Appendix C: IP Protocols.
Appendix D: Definition, Requirements and Standards Document.
Appendix E: Honeynet Logs.
Index.
Customer Reviews


Feb 11, 2003     ace9999
Good First Book
This book is good as the first book if you need to read on Honeypots. Covers almost everything there is to but is less technical. That's the only drawback of this book.


