Rating:  Summary: Not as 31137 as they think they are Review: This book describes a worthwhile project, and shares some novel insights. However, I can't help thinking that those novel insights could easily have been packaged in a 30-50 page journal article, instead of padding them into a 320 page book. It's not clear to me what audience this book is targeting. Presumably, one would have to be a fairly sophisticated system administrator to make use of the information obtained by setting up one's own honeynet. For such an audience, however, much of the information presented seems to be at too elementary a level. The authors don't help their case with their constant boasting of their own sophistication and their gratuitous use of military metaphors. The technical side of internet security is still better served by Cheswick and Bellovin's _Firewalls and Internet Security_ and Garfinkel and Spafford's _Practical Unix Security_, despite the age of those books. If you're interested in the social side, you'll be better entertained by Stoll's _Cuckoo's Egg_ or Shimomura and Markoff's _Takedown_. I can't recommend this book very highly, but the bundled CD appears to be quite useful, so if you have the money to spare, you might give it a try.
Rating:  Summary: The Alarm Clock is Ringing Review: This book describes the methods and findings of the Honeynet Project in prose that is clear and easy to follow even for someone without a strong background in computer technology. It shows that the members of the blackhat community (more commonly called crackers or hackers) scan the internet indiscriminately, probing computers for security weaknesses and exploiting those that they find. The book conveys this message that needs to reach a wide audience: Blackhats look for any internet attached computer that they can break into. They do not care if the computer is powerful, contains valuable data, or has a fast connection. They only care about its presence and crackability. If you are under the delusion that blackhats are not interested in your computer this book is an alarm clock ringing to wake you up. If you are curious about how computers on the Internet are compromised this book has the details you need (including a CDROM with useful programs) to get a base understanding of the issues. If you are a data security professional this book is a self test about what you should already know. If you are a business manager responsible for Internet attached computers this book provides information to help you make better decisions about resource allocation for security. The Honeynet Project is fairly young. The book covers what they have learned to date from putting stock systems out on the Internet. The final chapter is titled "The Future of the Honeynet". The promise of that chapter addresses my primary complaint about the book. It just covers the basics - unpatched default installations getting cracked by wandering vandals. While the detection and analysis work of the Honeynet Project is advanced they show in this book the literal and figurative kiddie brats bullying systems with no security precautions applied. This left me hungry for information on how more advanced hackers do their attacks. I hope "Know Your Enemy Volume II" is not too far away. Having said that I must acknowledge that the Internet has a massive population of computers that are vulnerable to these basic attacks. Through ignorance, indifference, or misplaced priorities computers are attached to the Internet without being properly secured. Blackhats can compromise these systems and use them to attack targets of choice - including the infrastructure of the Internet itself. Hopefully this book will gather an audience that will respond to its implied call to action...
Rating:  Summary: Interesting read.. Review: This book is a very interesting read and I would recommend that any CSO read it. I've been to too many seminars where opinions and products are the driving force of selling a product. This book gives an objective view and I have found it helpful in my own evaluations and it has given me food for thought. The CD with the book gives some useful information and links to some very good articles, and tools. I am designing one of the largest networks and security infrastructures in the world, and thought-generating books, even though they may not give you the complete answer, wrangle your curiosity and in-depth knowledge of others. This book can only expand on what you know or you don't know. Recommended
Rating:  Summary: Almost no useful information. Review: This book is mainly about how to set up a honeypot or in other words the theory behind a honeypot. The actual root methods are very primitive and reveal almost no useful tactics to any intelligent computer user. Then the authors combine this with 100 pages of IRC chats which are pathetic. I would not recommend buying this book.
Rating:  Summary: Well written, researched and titled Review: This is a fascinating read about understanding hacking, from gathering the data to the forensic analysis. The second part, on the forensic analysis, is very detailed and well written. The root idea is very simple: put an attractive target on the Internet, wait until it's hacked (and it will be), and then analyze the attack. The first part of the book covers the construction of these attractive 'honeypots'. The second part covers how to analyze the inevitable attack. The third part, which is the most high level, is about the culture of hacking and hackers. I would recommend this book to anyone involved in securing systems on the open internet who has a good understanding of the technology behind networking and operating systems.
Rating:  Summary: Excellent Security Must Read Review: This is a requirement for anyone studying security or it is also a good read for those who aren't security professionals but want to understand more about the blackhat community. It really should be read by any computer professional to understand the threats and the tactics to deceive those who deceive us. Overall, a great book and one to add to the collection (but easy to read cover to cover first!)
Rating:  Summary: I know my enemy a lot more than before Review: Very interesting and practical book about security. CD-ROM contains good sources such as tools, examples and codes. Every security professional must read this book.
Rating:  Summary: The struggle against blackhats continues Review: [This is a review of the Second Edition, May 2004.] The Honeynet Project grew out of an informal group of computer experts who decided to take an active role in tracking break-ins to computers. Existing countermeasures, like firewalls, and frequent patches of discovered firmware bugs, were fundamentally defensive. And did not actively try to understand the capabilities and intentions of the crackers/intruders/blackhats. This second edition describes what they term Gen 2 Honeynets. These are more sophisticated than Gen 1 networks of honeypots, where a honeypot is a computer expressly deployed for blackhats to intrude upon. The book delves at some length into how to construct a honeypot and a honeynet. Various configurations are possible. A honeypot could mimic a Microsoft computer or a Solaris or Linux machine. There is more emphasis on the actual machine being Linux, because of the open source nature, which has led to tools like Snort, Ethereal and Sebek being available. Indeed, Snort-Inline and Sebek were developed by this project. Lots of craft keyboard sniffing (Sebek) and network sniffing (Ethereal). Plus, variant arrangements like having one computer pretend to be several honeypots are described. Or another, where a honeynet might be physically distant from the production net, but linked to it via a VPN. All this is scarcely the last word. The blackhats will certainly devour this book to concoct their next generation techniques. You can safely predict an eventual third edition of this book.