Honeypots: Tracking Hackers

List Price: $44.99
Your Price: $31.49

Rating: 5 stars
Summary: Awesome! Better than the first Honeynet book!
Review: If you liked "Know Your Enemy" by the Honeynet Project, you will
undoubtedly like Lance Spitzner's (the Honeynet Project founder) new
book "Tracking Hackers" much more. In fact, even if you did not quite
like "Know Your Enemy", you will likely be deeply impressed with the
new book on honeypots and their use for tracking hackers.

The structure of the book is different from the "Know Your Enemy":
Lance starts from the very beginning - namely, his first honeypot
penetration experience and then goes on to talk about all aspects of
honeypots. In-depth and structured background on honeypot technology
is provided. Honeypots are sorted by the level of interaction with
attacker they are able to provide.

In addition, the book covers the business benefits of using
honeypots. By classifying the value of honeypots into prevention,
detection and response (exactly as done in Honeynet Project white
papers) Lance Spitzner analyzes the honeypot technology contributions
to an overall security posture. Also, the book describes the
differences between the research and production honeypots and
demonstrates the benefits of both for various deployment scenarios.

A good part of the book is devoted to particular honeypot solutions:
'honeyd' by Niels Provos and several commercial honeypots with
detailed explanation of how they work. For example, there is a clear
description of ARP spoofing and how it is used by the 'honeyd'
honeypot daemon. An interesting chapter on "homegrown" honeypot
solutions (such as the ones used to capture popular worms of 2001)
sheds some light on the simplest honeypots that can be built for
specific purposes, such as to capture a popular attack by means of a
simple port listener. Use of UNIX chroot() jail environment for
honeypots is also analyzed.

Of course, a special chapter is devoted to honeynets - Project's
primary weapon in a war against malicious hackers. The Generation II
(GenII) honeynet technology is first introduced in a book. The chapter
not only lists honeynet deployment and maintenance suggestions, but
also talks about the risks of honeynets.

Another great feature of the book is a chapter on honeypot
implementation strategies and methods, such as using NAT to forward
traffic to a honeypot and DMZ honeypot installation. The information
is then further demonstrated using the two full honeypot case studies,
from planning to operation.

What is even more important, maintaining the honeypot architecture is
covered in a separate chapter. Honeypots are a challenge to run,
mainly since no 'lock it down and maintain state' is possible. One has
to constantly build defenses and hide and dodge attacks that cannot be
defended against.

"Tracking Hackers" also has a "Legal Issues" chapter, written with a
lot of feedback from the DoJ official. It dispels some of the
misconceptions about the honeypots such as the "entrapment" issue,
summarizes wiretap laws and related data capture problems.

The book describes an almost cutting edge of the honeypot research and
technology. To truly get the cutting edge and to know about the
Honeynet Project latest activities in detail, wait for the second
edition of "Know Your Enemy" (coming out next year). In "Tracking
Hackers" Lance makes some predictions about honeypots in "Future of
Honeypots" chapter. Honeypot-based early warning system and
distributed deployments, analysis of new threats and expanding
research applications, making honeypots easier to deploy and maintain
are all in this chapter.

To conclude, Marcus Ranum's enthusiastic preface is not an
overstatement, it is indeed a great book for both security
professionals and others interested in this exciting technology.
While I was already familiar with most of the information in the book,
it was a fascinating read! This is the kind of book you don't want or
even cannot put down until the last page is turned.

Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major
information security company. His areas of infosec expertise include
intrusion detection, UNIX security, honeypots, etc. In his spare time
he maintains his security portal info-secure.org

Rating: 5 stars
Summary: Think Honeypot!
Review: Lance is the "been there, done that" guy when it comes to honeypots and that really shows. This book teaches, but it also entertains. Honeypots: Tracking Hackers grabs your interest from the start with a real-life story of an underground hacker with a powerful new hacking tool, attacking hundreds, if not thousands, of systems all over the world.

Lance begins with how he got interested in honeypots and goes on to describe the different tools that are available, how they work and how anyone can set up their system to learn how to defend from novel attacks. From the personal home computer to huge networks, Lance and his team have a solution.

He puts attackers in two categories: those who want to attack as many systems as possible and those who target a specific system of high value. By defining these attackers the audience has a clear understanding of what they are dealing with.

Starting with the history and definition of honeypots and honeynets, he takes us through characteristics and the different levels of interaction, how to configure different levels of honeypots, then on to the need to convince management of the value of honeypots and finally the legal issues (USA law) involved.

Honeypots are becoming more acceptable as hackers get into more systems and management is mandated to stop the attacks. They shouldn't be anyone's first line of defense, but for advanced sites, this is an important suite of technologies.

Honeypots: Tracking Hackers is a must read for novices and experienced security officers, alike. It will keep your attention and make you want to set up your own honeypot! If the book is not on your bookshelf and if honeypots are not part of your defensive information plans, something is wrong!

Rating: 5 stars
Summary: An important book for any information security professional
Review: Sting operations have been around for a long time. But in the age of the Internet how does one perform a sting operation in a digital manner? The answer is via a honeypot. A honeypot is a security resource (generally a file server, router or web server) whose value lies in being probed, attacked or compromised. By having a honeypot, organizations can see who their adversaries are, and in what manner their corporate digital assets are being attacked.

One of the many advantages that honeypots offer is that they enable organizations to take the offensive, as traditionally, the attackers have always had the initiative. By taking an offensive security stance, companies are much better able and prepared to defend themselves.

Honeypots: Tracking Hackers is written by Lance Spitzner, one of the veterans in the field. The book complements his previous work Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community (reviewed June 2002). The book is an excellent resource for those that want to build their own honeypot.

The book opens with an introduction into honeypots and the different roles they can play. It then details in depth various commercial and open source honeypots. The book details the pros and cons of honeypots. It makes it clear that honeypots are not for every organization, as the maintenance of honeypots can be time consuming and must be done by a person who knows exactly what they are doing and looking at.

Even for those that have no intention of implementing a honeypot, the book has a wealth of information about attackers and their methods. While not every organization may want to implement a honeypot, every organization is a target. By understanding who desires to attack your corporate digital assets, you can be better prepared to defend them.

Not overly technical, Honeypots: Tracking Hackers is a fascinating read, and an important book for any information security professional.

Rating: 4 stars
Summary: Great Overview of Honeypots for the Beginner
Review: This book did a great job of presenting the concepts of modern honeypot technology. It begins by covering the basic concepts of what the different types of honeypots can do, the different design concepts of production honeypots vs. research honeypots and how honeypots can be an aid to network security in any organization. The one thing I didn't like was the "flow" of the book and the way some chapters were written. There was an excessive amount of fluff, some topics were beat like a dead horse. The book could easily have shaved off 50 pages making it a better read. Overall, it was a great book, I learned a lot, and would recommend it to anyone looking for an intro to honeypots. The included CD was a plus as well.



© 2004, ReviewFocus or its affiliates