Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community

I could not make use of any of the facts / chapters in industrial security environments, because every insight is derived from very simple setups which are not refelcting today's complexity of IP, Network Infrastructure and Security. As the author mentions within the first 10 pages::: the knowledge is derived from his living room. Sure it is no mirror of today's networks.

However for people running small homeoffices it might be a good source.

Rating:
Summary: Honey Is Not So Sweet
Review: I was excited about this book, but it was slightly disappointing -- not a lot, just some. I have like the author's previous books and articles and was looking for a lot of coverage on this topic. Although the material presented is worth reading, much of it is repeated and much of it could be left out (some of the recorded dialog was worth including, but probably only one-third of it was needed). Read his other books first, then possibly this one.

Rating:
Summary: YES, YES, YES.
Review: If you are interested in computer forensics, this one is the book. Excellent, just like I expected to be a book from the honeynet project people. Buy this book, and it will be the only reference needed to enter the forensic arena.

Pros:
- The only book seriously covering Honeynets and Honeypots.
- Several real cases fully analyzed.
- Tons. of forensic data included in the companion CD.

Cons:
- Of the 328 pages, only the first 150 are really worthy, the rest are just fillers.

My only additional wish is a future edition including Windows Systems forensics.

Rating:
Summary: An extremely important security book & a fascinating read
Review: Many an author has written about hackers and computer criminals, but more often it's not from first-hand knowledge. Know Your Enemy is unique is that it is written in the first person. The book is a chronicle of The Honeynet Project; which is a group of security professionals dedicated to learning the tools, tactics and motives of hackers in order to share what they have learned from those encounters. The group was formed due to the every growing complexity of today's networks, and that no single individual has the complete set of skills necessary to understand the forensics behind computer attacks.

The book centers around honey pots and honey network that the Honeynet Project designed. A honey pot is a computer designed to look like something that an intruder can hack into. One example of a honey pot is to install a machine on a network with no particular purpose other than to log all attempted accesses to it. Similarly, a honeynet is a network designed to be compromised.

The function of the honeynet is that when attackers probe, attack and attempt to hack a system, the administrators of the honeynet are able to observe all of their activities, and use that knowledge to design stronger systems. By building such a network and understanding the scope attacks against it, one can understand their adversary, and can better protect their corporate information systems assets.

The book is divided into three parts. The first part shows how the group planned and built the Honeynet. The second part goes into an in-depth analysis of the logs gathered during attacks. While part 3 looks at the threats, motives and tools that the enemy employs in their attacks.

The book is written by technical experts, but in a language that doesn't require a strong technical background. The book effectively shows how a hacker thinks and operates. Most often than not, the hacker simply bypasses the normal security mechanism in place. Know Your Enemy takes all of the lessons learned from hundreds of attacks against the honeynet and shows how to better design systems that is resilient against attack.

Know Your Enemy is not only an extremely important security book, it is a fascinating read. For any security practitioner wants to truly understand the risks their networks face on a daily basis, Know Your Enemy is a must read.

Rating:
Summary: Fills a unique niche...
Review: Most of the time, your only close-up view of a computer attack is trying to sort out how someone compromised your production system. But there is a way to get hands-on experience with attack analysis, and Know Your Enemy - Learning About Security Threats by The Honeynet Project (Addison-Wesley) shows you how.

The chapter breakout: The Beginning; Honeypots; Honeynets; Gen1 Honeynets; Gen2 Honeynets; Virtual Honeynets; Distributed Honeynets; Legal Issues; The Digital Crime Scene; Network Forensics; Computer Forensics Basics; UNIX Computer Forensics; Windows Computer Forensics; Reverse Engineering; Centralized Data Collection and Analysis; Profiling; Attacks and Exploits: Lessons Learned; Windows 2000 Compromise and Analysis; Linux Compromise; Example of Solaris Compromise; The Future; IPTables Firewall Script; Snort Configuration; Swatch Configuration; Network Configuration Summary; Honeywall Kernel Configuration; Gen2 rc.firewall Configuration; Resources and References; About The Authors; Index

If you're not familiar with the concept, a honeypot is a computer set up to gain the attention of network intruders. The concept is that the intruder will spend time with that box and leave the rest of the network alone. A honeynet is the same thing but only at a network level. The authors of this book are experts at setting up these kind of systems in order to see how attackers work and discover new exploits before they are used against actual production systems. They take you through all the different parts of the process; how to set up a honeypot/honeynet, how to analyze an attack, what legal considerations have to be kept in mind, and examples of exploits that actually were recorded and analyzed.

While there are plenty of books that talk about computer security, there are few that show you how to take the offensive and learn first-hand how to analyze and understand real-life attacks. This is a unique offering that will have high appeal for the security professional looking for in-depth understanding of the attacker mindset.

Rating:
Summary: Fascinating and intelligent. Everyone should read this book.
Review: Nothing could stop me from writing a review about "Know Your Enemy" and I'll tell you why: It's no secret, most of us can't turn on a television or a radio these days without hearing the United States needs better intelligence, better tools and methods for spying on enemies so America can prepare for attacks before they strike. Well, the same holds true in the information age. More intelligence must be built around network security and computer systems. Lance Spitzner's new book, "Know Your Enemy" shows us how. When I started reading this book, I couldn't believe what I was hearing. A network of computers called a honeynet, designed as an everyday corporate network used to capture, analyze and control the flow of data in and out of the network for studying the motives, tactics, and tools of the blackhat community? Wow!!

"Know Your Enemy" walks us through building and managing our own honeynet's. A CD-ROM comes with the book with tools to get us started. I speak from experience when I tell you this book helped me during my honeynet build. It showed me ways to capture critical information, log that information, and alert me via pager and e-mail in real time. The book talks about methods used for capturing keystrokes, advanced data analysis, and ways by which to capture and control the data. There are chock full of real world scenario's directed at dealing with worms. As we read through the book we get the chance to view how systems are exploited and what made them vulnerable. Lance Spitzner takes us step-by-step through real world attacks initiated by real blackhats and crackers. Reading this book is like reading someone's diary from the beginning only the information is freely shared and extremely valuable. "Know Your Enemy" took me down the path I needed to go. It will take you to the next level of security everyone might want to strongly consider. One, that's more analytical and intelligent, one that teaches us to be more proactive. My favorite chapter in this book was "In Their Own Words". That chapter was over 100 pages of captured keystrokes between the blackhats that took over the honeynet and...well...you should get the book and read it for yourself. It's a trip.

Richard La Bella, MCSE, CCSE, CCNA

Rating:
Summary: Fascinating and intelligent. Everyone should read this book.
Review: Nothing could stop me from writing a review about "Know Your Enemy" and I'll tell you why: It's no secret, most of us can't turn on a television or a radio these days without hearing the United States needs better intelligence, better tools and methods for spying on enemies so America can prepare for attacks before they strike. Well, the same holds true in the information age. More intelligence must be built around network security and computer systems. Lance Spitzner's new book, "Know Your Enemy" shows us how. When I started reading this book, I couldn't believe what I was hearing. A network of computers called a honeynet, designed as an everyday corporate network used to capture, analyze and control the flow of data in and out of the network for studying the motives, tactics, and tools of the blackhat community? Wow!!

"Know Your Enemy" walks us through building and managing our own honeynet's. A CD-ROM comes with the book with tools to get us started. I speak from experience when I tell you this book helped me during my honeynet build. It showed me ways to capture critical information, log that information, and alert me via pager and e-mail in real time. The book talks about methods used for capturing keystrokes, advanced data analysis, and ways by which to capture and control the data. There are chock full of real world scenario's directed at dealing with worms. As we read through the book we get the chance to view how systems are exploited and what made them vulnerable. Lance Spitzner takes us step-by-step through real world attacks initiated by real blackhats and crackers. Reading this book is like reading someone's diary from the beginning only the information is freely shared and extremely valuable. "Know Your Enemy" took me down the path I needed to go. It will take you to the next level of security everyone might want to strongly consider. One, that's more analytical and intelligent, one that teaches us to be more proactive. My favorite chapter in this book was "In Their Own Words". That chapter was over 100 pages of captured keystrokes between the blackhats that took over the honeynet and...well...you should get the book and read it for yourself. It's a trip.

Richard La Bella, MCSE, CCSE, CCNA

Rating:
Summary: Very good book!
Review: One of most exciting areas to emerge in information security has been in the area of honeynets. These are networks designed to be compromised and capture all of the tools and activity of attackers
The Honeynet Project is a volunteer organization dedicated to researching and learning cyber-threats, and sharing our lessons learned. The project is made up of 30 security professionals around the world. They learn about cyber-threats by deploying networks around the world to be compromised. Once compromised, they capture all of the attacker's tools and activity, analyze, and learn from that. The value to this research is there is very little theory involved, they are capturing and seeing what is happening in the Internet today.
Very neat!

A honeynet is the primary tool used to capture attacker's activity. It is a type of honeypot, specifically a high-interaction honeypot. As a honeypot, honeynets work on the concept that they should not see any activity, no one has authorization to interact with them. As a result, any inbound or outbound connections to the honeynet is most likely unauthorized activity. This simple concept makes it highly effective in detecting and capturing both known and unknown activity. Honeynets work as a highly controlled network made up of real systems and applications for attackers to probe and compromise.

The book is about honeynets, how to use them, and what you can learn. The book is broken into three parts. The first part is focused on what honeynets are, how they work, the different types, and technical details on how you can deploy them safely. The second part focuses on how to analyze all the different data a honeynet can collect (network and host based forensics, reverse engineering, centralized data correlation, etc). The third part is specific examples of several honeynets being hacked, including Win2000, Linux, and Solaris. What makes the book so interesting is it ties all these different elements together. You can learn more at http://www.honeynet.org/book/

The book was not written by a single individual, but by leading experts in their field. They attempted to combine the best experiences and skills from some of the leading individuals. The book was organized by the Honeynet Project, but the contributing authors include members of the Honeynet Research Alliance, individuals from the Department of Justice, and others who have helped us in the past and wanted to contribute. Some examples of authors include Honeynet Project members Brian Carrier who wrote several chapters and Max Kilger who wrote about profiling. Honeynet Research Alliance members include the work of the Greek Honeynet Project writing about hacked Linux systems, and the Mexican Honeynet Project writing about hacked Solaris systems. They also had outside experts help out, including Richard Salgado of the DoJ author about legal issues, and Dion Mendel from Australia write about Reverse Engineering.

-- To defend against your threats, you have to first know who your enemy is -- I recommend this book!

Rating:
Summary: Sophisticated methods and countermeasures
Review: The authors extensively document their honeypot project, which was designed to deflect attackers away from real systems and data assets by using decoys. The project evolved into something much more, which is chronicled in the book.

The first part of the book deals with technical issues and how and why the project was initiated. As the chronicle of the project proceeds the authors begin adding a new dimension to information security: psychological profiling. This is where the book becomes fascinating, and where reading the book becomes tedious.

The fascination stems from the methods used to identify, classify and profile their attackers. The tedium in reading the book is that you have to carefully read through logs of chats (Chapter 11, In their Own Words). This is not the stuff of casual reading - but is worth the time, effort and pain it takes to wade through this chapter.

Part of the tedium, aside from having to read raw (but annotated) logs is that profiling attackers requires an understanding of cultural issues, psychological motivations and risks associated with each attacker profile.

The accompanying CD ROM contains tools and supporting material for each of the chapters. The tools are the ones the project uses in building, maintaining, and using a Honeynet environment, and includes source code, precompiled binaries, and documentation. The supporting material consists of source code, network captures, and other information related to specific chapters.

The sophisticated profiling methods described his book are more suited for large corporations, organizations that support unpopular social causes (commercial and non-commercial) and targets of information warfare attacks. I personally believe that the book adds a new dimension to IT security, making it an important contribution to the security body of knowledge.

Rating:
Summary: Security Professional Must Have
Review: This book (and the project) is extreemly helpful to the security community. The book is well detailed and very informative. However it is not for someone who is not a senior technical person whom understands sniffer traces, tcp dumps, and protocol analysis in general.