Know Your Enemy: Learning About Security Threats | The Honeynet Project, Addison-Wesley, Paperback, 2nd Bk&CD edition, Published May 2004, 768 pages, ISBN 0321166469
For centuries, military organizations have relied on scouts to gather intelligence
about the enemy. The scouts' mission: find out who the enemy is, what they are
doing, how they might attack, the weapons they use, and their ultimate objectives.
Time and again this kind of data has proven critical in defending against, and
defeating, the enemy.
In the field of information security, scouts have never existed. Very few organizations
today know who their enemies are, how they might attack, when they might attack,
what enemies do once they compromise a system, and, perhaps most important,
why they attack.
If the blackhat community is the enemy, then The Honeynet Project is a most
valuable ally. In this greatly revised and expanded follow-up to their groundbreaking
book, Know Your Enemy, members of The Honeynet Project (including Lance
Spitzner, Brian Carrier, Anton Chuvakin, Eric Cole, Yannis Corovesis, Max Kilger,
and Rob Lee) provide an unrivaled "intelligence report" on those who use the
Internet for destructive purposes. They also provide an in-depth guide to honeynets--high-interaction
honeypots designed to capture extensive information on exactly how your enemies
operate so you can protect your systems from them.
Inside, you'll find extensive information on:
- How to plan, build, and maintain first- and second-generation, virtual,
and distributed honeynets.
- How to capture and analyze data through a honeynet, including the latest
on reverse engineering and forensics for Windows, UNIX, and networks.
- Understanding the enemy, including real and designed incidents and compromised
systems, types of attacks, and profiling.
Aimed at both security professionals and those with a nontechnical background,
this book teaches the technical skills needed to study and learn from a blackhat
attack. The accompanying CD-ROM includes documentation, configuration files,
and techniques for deploying honeynets, as well as the logs, network captures,
and disk images of numerous actual attacks.
"The Honeynet Project is one of the best sources, if not the best source,
for information about current techniques and trends in the blackhat community.
They are also how-to experts in setting up and gathering information--safely--about
these attackers."
--Jennifer Kolde, security consultant, author, and instructor
"Know Your Enemy contains an incredible wealth of information, including
legal and sociological topics, that sets it apart from other security books.
The scope of this book is broad, and while no one book can teach people everything
they need to know on such a topic, this one covers the subject better than any
other source I know."
--William Robinson, former security training program manager at Sun Microsystems,
curriculum coordinator for Fire Protection Publications
"With the drastic increase in the number of attacks, it is important to have
more people within the security industry studying attacks and attackers' motives
and sharing their results with the community. This book begins by teaching users
whether they should install a honeypot, and then gives details and information
about honeypots and how they can deploy them."
--Kirby Kuehl, Cisco Systems
About the Author
The Honeynet Project is a nonprofit security research organization made up of
volunteers. These volunteers are dedicated to learning the tools, tactics, and
motives of the blackhat community and sharing lessons learned. The Honeynet
Project has 30 members, and works with various other organizations through The
Honeynet Research Alliance.
Table of Contents
Preface.
I: THE HONEYNET.
1. The Beginning by Lance Spitzner.
The Honeynet Project.
The Honeynet Research Alliance.
Managing it All: Lessons We've Learned.
Summary.
2. Honeypots by Lance Spitzner.
Definition of Honeypots.
Types of Honeypots.
Uses of Honeypots.
Summary.
3. Honeynets by Lance Spitzner.
The Value of a Honeynet.
The Honeynet Architecture.
Types of Honeynets.
Summary.
4. Generation I Honeynets by Anton Chuvakin.
GenI Honeynet Architecture.
Options for Data Control.
Functionality for Data Capture.
A Complete GenI Honeynet Setup Example.
How it all Works Together: Example Attack Capture.
Summary.
Appendix A: Iptables firewall script.
Appendix B: Snort configuration.
Appendix C: Swatch configuration.
5. GenII Honeynets by Yannis Corovesis, Charalampos Koutsouris, and Yannis Papapanos.
GenII Honeynet Improvements.
GenII Honeynet Architecture.
GenII Data Control.
Data Capture.
GenII Honeynet Deployment.
Summary.
6. Virtual Honeynets by Michael Clark.
What is a Virtual Honeynet?
Self Contained Virtual Honeynets.
Hybrid Virtual Honeynets.
Possible Implementation Solutions.
Summary.
7. Distributed Honeynets by Edward Balas.
What is a Distributed Honeynet?
Physical Distribution.
Honeypot Farms.
The Latency Problem.
Setting Up a Honeypot Farm.
Honeypot Farm Example Using Linux.
Issues Common to All Distributed Honeynets.
Summary.
8. Legal Issues by Richard Salgado.
Monitoring Network Users.
Crime and the Honeynet.
Do No Harm: Liability to Others.
Summary.
II: THE ANALYSIS.
9. The Digital Crime Scene by Richard LaBella.
The Purpose and Value of Data Analysis.
Capturing Different Types of Data within the Honeynet.
The Multiple Layers of Data Analysis and Their Value.
Summary.
10. Network Forensics by Roshen Chandra.
Performing Network Forensics.
Network Traffic 101.
Capturing and Analyzing Network Traffic.
A Case Study from the Honeynet.
Analyzing Non-Standard Protocols.
Common Traffic Patterns for Forensic Analysts.
Summary.
11. Computer Forensics Basics by Brian Carrier.
Analysis Environment.
Data Acquisition.
Summary.
12. Unix Computer Forensics by Brian Carrier.
Linux Background.
Data Acquisition.
The Analysis.
Readiness Steps.
Summary.
13. Windows Computer Forensics by Rob Lee.
Windows Filesystems.
Data Acquisition.
Analysis of the System.
Analysis with Autopsy and the Sleuth Kit.
Summary.
14. Reverse Engineering by Dion Mendel.
Introduction.
Static Analysis.
Active Analysis.
A Walkthrough: The Honeynet Reverse Challenge.
Summary.
15. Centralized Data Analysis, Collection, and Correlation by Jeff Dell.
Centralizing Data.
The Honeynet Security Console.
Summary.
III: THE ENEMY.
16. Profiling by Max Kilger, Ofir Arkin, and Jeff Stutzman.
"A Bug's Life": The Birth, Life and Death of an Exploit.
Intelligence-Based Information Security: Profiling and Much Much More.
Bringing It All Together.
Summary.
17. Attacks and Exploits: Lessons Learned by Eric Cole.
Overview.
Type of Attacks.
Common Steps to Exploiting a System.
Summary.
18. Windows 2000 Compromise and Analysis by Patrick McCarty.
Honeypot Setup and Configuration.
Honeynet Setup and Configuration.
The Attack Log.
Threat Analysis/Profile.
Lessons Learned for Defense.
Lessons Learned about Attackers.
Summary.
19. Linux Hack by Yannis Corovesis.
Introduction.
Honeynet Setup and Configuration.
Forensics Procedure.
The Days After.
Event Summary.
Conclusions.
20. Example of a Solaris Intrusion by Raul Garcia.
Honeynet Setup and Configuration.
The Events for Day 1.
Day 1: Summary of Events.
The Events for Day 3.
Day 3: Summary of Events.
Profiling of the Intruder.
Summary.
21. The Future by Lance Spitzner.
Distributed Honeynets.
Advanced Threats.
Insider Threats.
Law Enforcement Applications.
Use and Acceptance.
Blackhat Response.
Summary.
About the Authors.
Index