Rating: 
Summary: An informative look at how the "bad guys" operate
Review: "Know Your Enemy" begins with this simple yet striking observation: no military would plan to fight a battle without trying to learn as much as possible about the enemy -- their capabilities, their equipment, normal patterns of observation, and so on. But these rudiments of "tactical intelligence" have long been neglected in computer security. This book describes the Honeynet project (www.honeynet.org), a group that sets up so-called "honeypot" systems in order to observe (and learn about) the people who then try to attack them.One fact that is especially striking, and more than a little frightening, is the short amount of time that elapses between new systems being connected to the Internet and the first attempts to break into them. The author tells of one system that got hit within 15 minutes of plugging it in! The book is divided into three parts: how to set up a honeynet, how to analyze the collected data, and what the author has learned about "the enemy" in doing so. The first part will be most interesting to those strange folks like me who, at one point or another, have set up "tripwires" on their systems to see who might be jiggling the doorknobs. The thought process involved in setting up a honeypot system, however, is more generally useful, because it helps to train the mind to think about secure vs. insecure systems and trust in general. Students of system and/or network administration should find this helpful, even if they never set up a honeypot themselves.But it's also more generally useful for forensic analysis after a security incident. Finally, there's part three, the discussion of what has been learned about the "black hat" community. This I found to be both the most interesting and the most frustrating part of the book. In particular, chapter 11 ("In Their Own Words") is at the same time a strong and weak point. This chapter consists mainly of a collection of intercepted chat logs between intruders, with some commentary and analysis interspersed. My concerns with this chapter are, first, it is rather long (over 100 pages); and second, the actual analysis is fairly limited, though having an actual psychologist in on the honeynet team does add an interesting touch. Overall, this is an extremely valuable book for those with responsiblity for (and/or interest in) computer security. Taking into account my complaints about chapter 11, I give the book 4.5 stars, rounded up to 5.
Rating:
Summary: Lance Spitzner "Know Your Enemy"
Review: "Know Your Enemy" from the Honeynet Project...
team (led by Lance Spitzner) is an amazing account on adventures in computer
security. This superb book provides the summary of two years of the project
operation. Aimed to gather and analyze more information about malicious
hackers, the project provided security community with unique insights into
attacks, tricks, and even personalities of hackers. The network (now a
combination of networks in several places worldwide) was deployed for the
single purpose of being penetrated by remote attackers (or blackhats, as
they are called in the book). Their actions were then recorded, studied and
presented in this book and papers on the project web site
.... Real production systems (Linux, UNIX,
Windows) were deployed within the Honeynet. Leveraging his military background, Lance Spitzner explains why it is
crucial to get first hand information on computer underground operations.
"Information is power" and in computer security there is a serious lack of
information about the adversaries. Most of the available information comes
as 'too little, too late' such as for a company that gets first-hand
knowledge of hackers right after seeing "u r 0wned" on their web site. And
even in this case other companies cannot learn from mistakes, since the
break-in will be kept as secret as possible. The typical Honeynet break-in produces the following information. What
reconnaissance activity was performed by an attacker before the intrusion?
Which network service was exploited? What exact exploit string or buffer
overflow was used? What attacked did after getting access to the system? How
he or she retained access to the system? How did he or she use the system?
The answers are in the book! In some of the attacks, the logs of IRC (Internet Relay Chat) conversations
between hackers were recorded. They reveal not only the technology, but also
some of the motivations of intruders. Some stories from the book border on
impossible, such as the case where the streaming video sent by hackers was
captured by the Honeynet team. The book also provides full details on designing, building and
maintaining the honeynet, including the risks of running a honeynet. To
be more precise, they describe a Generation I honeynet, since now the
project has moved to more sophisticated security technology. The
project uses stringent standards for data control (preventing attacker
from causing trouble to third parties), data collection (recording
everything that happens on the network) and data collection
(aggregating attack data from several honeynets). Overall, as Bruce Schneier said in the book's foreword: "Great stuff,
and it 's all real" Anton Chuvakin, Ph.D. is a Senior Security Analyst with a major
information security company.
Rating: 
Summary: Disappointing. Way too much padding.
Review: Having seen Lance Spitzner's website and read other reviews of this book, I have to say that it failed to live up to my expectations. There is far too much repetition. It felt like Spitzner was still in the army, lecturing a class of new recruits and drumming everything in over and over. Maybe OK in a classroom, but not a book. The transcripts of script-kiddy IRC sessions constitute the biggest single section of the book, but have little real value, and very few words per page. The whole things has the feel of something that seemed like a good idea for a book, but when they got down to it they found there wasn't enough to put in, so they just bulked it out. There are useful and interesting things in there, which is why I gave it two stars instead of one.
Rating:
Summary: Disappointing. Way too much padding.
Review: Having seen Lance Spitzner's website and read other reviews of this book, I have to say that it failed to live up to my expectations. There is far too much repetition. It felt like Spitzner was still in the army, lecturing a class of new recruits and drumming everything in over and over. Maybe OK in a classroom, but not a book. The transcripts of script-kiddy IRC sessions constitute the biggest single section of the book, but have little real value, and very few words per page. The whole things has the feel of something that seemed like a good idea for a book, but when they got down to it they found there wasn't enough to put in, so they just bulked it out. There are useful and interesting things in there, which is why I gave it two stars instead of one.
Rating: 
Summary: One-of-a-kind; a must read for security professionals
Review: I am a senior engineer for network security operations. I reviewed and provided feedback on a draft of "Know Your Enemy" (KYE) and I am credited on page xiii. This book by the Honeynet Project breaks new ground in the security and publishing communities. It is the first substantial "intelligence report" on those who use the Internet for destructive means, and will enlighten readers of all skill and experience levels.
As a former Air Force intelligence officer, I share the Honeynet Project's desire to gain insight into the tools, tactics, and intentions of the enemy. After explaining the technical details of configuring the honeynet, the authors discuss the attacks launched against their monitored network. The book's level of detail is excellent, as it includes network traces, log entries, and even keystroke captures. This multi-dimensional analysis is exactly the sort of information needed by intrusion detectors and other security personnel.
Beyond the descriptions of various incidents, the authors reveal several key insights. First, the security community must look beyond the tools used by the adversary, and understand tactics and intentions. Second, data collection is critical; alerts mean little without supporting evidence. Third, defense in depth applies to intrusion detection, as it is best to use logs from routers, firewalls, IDS, and hosts together when analyzing events.
The main reason I gave the book four stars was the inclusion of 100 pages of IRC logs in chapter 11. This did not add much to the 328 page book. The analysis of the chat sessions near the end of the chapter was more helpful. That section could have paraphrased the chatting or made reference to transcripts on a CD-ROM. I also hope future Honeynet Project books address Windows NT/2000 compromises, and ways to perform digital forensics on those systems.
Overall, I found "Know Your Enemy" to be highly motivational. I was glad to finally see proof that the "good guys" share information! (I think we give the "bad guys" a little too much credit in that respect.) I plan to include this book in my recommended reading list for network security and intrusion detection professionals. It is simple and well-written, and contains the right sort of information for someone trying to understand common security incidents.
Cliff Stoll's book was the last to detail a truly high-end compromise, perpetrated by individuals employed by a foreign intelligence service. When will the Honeynet Project bag "the big one?"
(Disclaimer: The publisher sent me a free review copy.)
Rating:
Summary: I like the Honeynet Project idea, not so much the book
Review: I bought this book based on the recommendations of other readers. The first 3 chapters which describe the Honeynet configuration are of some value. The book however turns into an extremely repetitive exercise, and there are at least one hundred pages dedicated to a news dialog between teenager hackers.
Rating:
Summary: Great book
Review: I fell in love with honeypots because of this book. They cover everything from beginner to expert. They tell you all you need to know to start your own honeynet. Well done.
Rating:
Summary: Good book but missing some info.
Review: I found this book to be very informative but felt the authors were holding back. I know The Honeynet Project has much more up their sleeves. Tool coverage is great, motives too, but missing "meat" of tactics. Still a very good read and recommended to learn more about BHats.
Rating:
Summary: Good book but missing some info.
Review: I found this book to be very informative but felt the authors were holding back. I know The Honeynet Project has much more up their sleeves. Tool coverage is great, motives too, but missing "meat" of tactics. Still a very good read and recommended to learn more about BHats.
Rating:
Summary: Gripping read
Review: I picked this book up and couldn't put down. Well written and gripping. Very informative about how easily systems are "owned" as well how difficult it can be to set up Intrusion Detection Systems to see all attacks. If you weren't paranoid about your system being rooted, you will be after reading this book. I haven't tried the CD yet. The analysis of the conversations of the cracker group were interesting - gave some insight of how some crackers think they are motivated to do their malicious acts. One nice thing about this book is you don't have to be a security expert or even security acquainted to see how the crackers work. I think my mother (who is a knitting granny type) could read this book without getting overwhelmed by techno-geek details.
| 
