Honeypots

The text is comprehensive, an honest survey of every honeypot technology I had ever heard of and a number I read about for the first time.
--Stephen Northcutt, The SANS Institute

One of the great byproducts of Lance's work with honeypots and honeynets is that he's helped give us a much clearer picture of the hacker in action.
--From the Foreword by Marcus J. Ranum

From the basics of shrink-wrapped honeypots that catch script kiddies to the detailed architectures of next-generation honeynets for trapping more sophisticated bad guys, this book covers it all....This book really delivers new information and insight about one of the most compelling information security technologies today.
--Ed Skoudis, author of Counter Hack, SANS instructor, and Vice President of Security Strategy for Predictive Systems

Honeypots are unique technological systems specifically designed to be probed, attacked, or compromised by an online attacker. Implementing a honeypot provides you with an unprecedented ability to take the offensive against hackers. Whether used as simple burglar alarms, incident response systems, or tools for gathering information about hacker motives and tactics, honeypots can add serious firepower to your security arsenal.

Honeypots: Tracking Hackers is the ultimate guide to this rapidly growing, cutting-edge technology. The book starts with a basic examination of honeypots and the different roles they can play, and then moves on to in-depth explorations of six specific kinds of real-world honeypots: BackOfficer Friendly, Specter

Autorentext
Lance Spitzner is a senior security architect for Sun Microsystems, Inc., and an acknowledged authority in security and honeypot research. He is a developer, the moderator of the honeypots mailing list, and an instructor for the SANS honeypot course. He is also the founder of the Honeynet Project, a nonprofit group of thirty security professionals dedicated to Honeynet research and learning the tools, tactics, and motives of blackhats and sharing their lessons learned. Lance has presented data on honeypot technologies to organizations such as the Pentagon, the FBI Academy, the Naval War College, the National Security Agency, West Point, SANS, CanSecWest, and Black Hat Briefings.

0321108957AB08282002

Klappentext
Lance Spitzner, lead author of the popular security book, Know Your Enemy, explores exciting new security technologies called Honeypots The first book to examine what honeypots are, how they work, and all the different types Provides examples of real world deployments Coverage of the legal issues surrounding the use of honeypots, one of the most controversial aspects of honeypot security CD includes white papers, source code, and actual evaluation copies of software.Technology: Honeypots are highly sophisticated technologies used to observe and learn about hackers. Practical and commercial interest in these new forms of hacker defense is now hitting the mainstream. There are many successful commercial honeypots, including ManTrap and Specter. Audience:Anyone who purchased Know Your Enemy, security administrators, researchers, law enforcement, and the intelligence community will be interested in this book.User level:Beginner to Intermediate. Lance Spitzner is an acknowledged leader in the security field, and the undisputed expert in honeypot technology. He is the moderator of the honeypots maillist, developer and instructor of the SANS honeypot course, and founder of The Honeynet Project. He has presented on honeypot technologies at the Pentagon, FBI Academy, National Security Administration, SANS, Usenix, and Blackhat. Spitzner is also a Senior Security Architect for Sun Microsystems, Inc.

Zusammenfassung
Presents a survey of honeypot technologies.

Inhalt


Foreword: Giving the Hackers a Kick Where It Hurts.


Preface.


1. The Sting: My Fascination with Honeypots.
The Lure of Honeypots.How I Got Started with Honeypots.Perceptions and Misconceptions of Honeypots.Summary.References.

2. The Threat: Tools, Tactics, and Motives of Attackers.
Script Kiddies and Advanced Blackhats.Everyone Is a Target.Methods of Attackers.Targets of Opportunity.Targets of Choice.Motives of Attackers.Adapting and Changing Threats.Summary.References.

3. History and Definition of Honeypots.
The History of Honeypots.Early Publications.Early Products.Recent History: Honeypots in Action.Definitions of Honeypots.How Honeypots Work.Two Examples of Honeypots.Types of Honeypots.Summmary.References.

4. The Value of Honeypots.
Advantages of Honeypots.Data Value.Resources.Simplicity.Return on Investment.Disadvantages of Honeypots.Narrow Field of View.Fingerprinting.Risk.The Role of Honeypots in Overall Security.Production Honeypots.Research Honeypots.Honeypot Policies.Summary.References.

5. Classifying Honeypots by Level of Interaction.
Tradeoffs Between Levels of Interaction.Low-Interaction Honeypots.Medium-Interaction Honeypots.High-Interaction Honeypots.An Overview of Six Honeypots.BackOfficer Friendly.Specter.Honeyd.Homemade.ManTrap.Honeynets.Summary.Reference.

6. BackOfficer Friendly.
Overview of BOF.The Value of BOF.How BOF Works.Installing, Configuring, and Deploying BOF.Information Gathering and Alerting Capabilities.Risk Associated with BOF.Summary.Tutorial.Step 1-Installation.Step 2-Configure.Step 3-Netstat.Step 4-Attack System.Step 5-Review Alerts.Step 6-Save Alerts.References.

7. Specter.
Overview of Specter.The Value of Specter.How Specter Works.Installing and Configuring Specter.Operating System.Character.Services.Intelligence, Traps, Password Types, and Notification.Additional Options.Starting the Honeypot.Deploying and Maintaining Specter.Information-Gathering and Alerting Capabilities.Short Mail.Alert Mail.Log Analyzer.Event Log.Syslog.Intelligence Gathering.Risk Associated with Specter.Summary.References.

8. Honeyd.
Overview of Honeyd.Value of Honeyd.How Honeyd Works.Blackholing.ARP Spoofing.ARP Proxy.Responding to Attacks.Installing and Configuring Honeyd.Deploying and Maintaining Honeyd.Information Gathering.Risk Associated with Honeyd.Summary.References.

9. Hom…