Book Review - Know Your Enemy: Learning About Security Threats
November 22nd, 2004 by Ron Powell in
A honeypot is the term used for a single computer placed on the Internet for the sole purpose of being compromised. A Honeynet, the subject of this book, essentially is a honeypot writ large. Instead of deploying a single computer to attract the more nefarious elements of computing society, you deploy several computers--an entire network of computers--whose sole purpose is to entice someone into attacking and compromising your systems. The end result of this exercise is to learn more about what kind of attacks you will see "in the wild" and how to defend against them.
The authors of Know Your Enemy: Learning About Security Threats have done a spectacular job of covering both the deployment of a honeynet and the analysis of captured data. One of the book's major strengths is providing an extraordinary amount of examples, sample code and advice on deployment and data analysis. I especially liked that the book uses real data from actual attacks to educate the reader. The authors cover Windows and Linux/UNIX environments, and they are specific about which tools to use and why those are the recommended tools.
This book even brings attention to the legal considerations of running a honeynet, which is a subject that needs serious attention. Perhaps the most entertaining chapter of the book is Chapter 16, "Profiling", essentially a psychological profile of black hat hackers. Hacker, however, is not the proper term to use for someone who illegally attacks and/or gains access to computer systems, and Chapter 16 offers a thorough explanation of proper terminology.
Although I didn't have the resources to test most of the code, examples and advice offered in this book, I believe it is remarkably thorough. The CD-ROM included with the book contains the tools the authors use throughout the text, as well as some sample data with which the reader can interact.
I absolutely would put this book at the top of the reading list for anyone about to deploy a honeynet. It might be a little too advanced for someone without a basic understanding of what a honeypot or honeynet is, but the book provides a wealth of information and is an excellent reference for anyone thinking about planning and deploying a honeynet.
Special Magazine Offer -- Free Gift with Subscription
Receive a free digital copy of Linux Journal's System Administration Special Edition as well as instant online access to current and past issues. CLICK HERE for offer
Linux Journal: delivering readers the advice and inspiration they need to get the most out of their Linux systems since 1994.
Delicious
Digg
StumbleUpon
Reddit
Facebook
Post to TwitterSubscribe now!
The Latest
Newsletter
Tech Tip Videos
Recently Popular
From the Magazine
July 2009, #183
News Flash: Linux Kernel 3.0 to include an on-the-go Expresso machine interface! Ok, maybe not, but Linux is definitely going mobile, from phones to e-readers. Find out more inside about Android, the Kindle 2, the Western Digital MyBook II, The Bug, and Indamixx (a portable recording studio). And if you've gone mobile and you been wanting more Emacs in your life then check out Conkeror.
To compliment the mobile we've got the stationary: parsing command line options with getopt, checking your Ruby code with metric_fu, and building a secure Squid proxy. How is this stationary you ask? What can we say? It's not. We just wanted to see if anybody actually read this part of the page :) .
All this and more, and all you have to do is get your hot sweaty hands on the latest copy of Linux Journal.
Recommended for anyone in security
On November 29th, 2004 Anonymous (not verified) says:
They have completely re-written the first edition, using authors who are experts on their material...and it shows. Nice work!
Post new comment