Rating:  Summary: Sophisticated methods and countermeasures Review: The authors extensively document their honeypot project, which was designed to deflect attackers away from real systems and data assets by using decoys. The project evolved into something much more, which is chronicled in the book. The first part of the book deals with technical issues and how and why the project was initiated. As the chronicle of the project proceeds, the authors begin adding a new dimension to information security: psychological profiling. This is where the book becomes fascinating, and where reading the book becomes tedious. The fascination stems from the methods used to identify, classify and profile their attackers. The tedium in reading the book is that you have to carefully read through logs of chats (Chapter 11, In Their Own Words). This is not the stuff of casual reading - but it is worth the time, effort and pain it takes to wade through this chapter. Part of the tedium, aside from having to read raw (but annotated) logs, is that profiling attackers requires an understanding of cultural issues, psychological motivations and risks associated with each attacker profile. The accompanying CD-ROM contains tools and supporting material for each of the chapters. The tools are the ones the project uses in building, maintaining, and using a Honeynet environment, and include source code, precompiled binaries, and documentation. The supporting material consists of source code, network captures, and other information related to specific chapters. The sophisticated profiling methods described in this book are more suited for large corporations, organizations that support unpopular social causes (commercial and non-commercial) and targets of information warfare attacks. I personally believe that the book adds a new dimension to IT security, making it an important contribution to the security body of knowledge.
Rating:  Summary: Almost no useful information. Review: This book is mainly about how to set up a honeypot, or in other words the theory behind a honeypot. The actual root methods are very primitive and reveal almost no useful tactics to any intelligent computer user. Then the authors combine this with 100 pages of IRC chats which are pathetic. I would not recommend buying this book.
Rating:  Summary: Well written, researched and titled Review: This is a fascinating read about understanding hacking, from gathering the data to the forensic analysis. The second part, on the forensic analysis, is very detailed and well written. The root idea is very simple: put an attractive target on the Internet, wait until it's hacked (and it will be), and then analyze the attack. The first part of the book covers the construction of these attractive 'honeypots'. The second part covers how to analyze the inevitable attack. The third part, which is the most high level, is about the culture of hacking and hackers. I would recommend this book to anyone involved in securing systems on the open Internet who has a good understanding of the technology behind networking and operating systems.
Rating:  Summary: The struggle against blackhats continues Review: [This is a review of the Second Edition, May 2004.] The Honeynet Project grew out of an informal group of computer experts who decided to take an active role in tracking break-ins to computers. Existing countermeasures, like firewalls and frequent patches of discovered firmware bugs, were fundamentally defensive, and did not actively try to understand the capabilities and intentions of the crackers/intruders/blackhats. This second edition describes what they term Gen 2 Honeynets. These are more sophisticated than Gen 1 networks of honeypots, where a honeypot is a computer expressly deployed for blackhats to intrude upon. The book delves at some length into how to construct a honeypot and a honeynet. Various configurations are possible. A honeypot could mimic a Microsoft computer or a Solaris or Linux machine. There is more emphasis on the actual machine being Linux, because of the open source nature, which has led to tools like Snort, Ethereal and Sebek being available. Indeed, Snort-Inline and Sebek were developed by this project. Lots of craft: keyboard sniffing (Sebek) and network sniffing (Ethereal). Plus, variant arrangements like having one computer pretend to be several honeypots are described. Or another, where a honeynet might be physically distant from the production net, but linked to it via a VPN. All this is scarcely the last word. The blackhats will certainly devour this book to concoct their next generation techniques. You can safely predict an eventual third edition of this book.