Quantcast
Username/Email:  Password: 
Home

Book Review - Know Your Enemy: Learning About Security Threats

Nov 22, 2004  By Ron Powell
 in
If you're looking to investigate potential security risks on your network, read this book first.

Title: Know Your Enemy: Learning About
Security Threats

Authors: The Honeynet Project

Addison-Wesley

ISBN: 0-321-16646-9

A honeypot is the term used for a single computer placed on the
Internet for the sole purpose of being compromised. A Honeynet, the subject
of this book, essentially is a honeypot writ large. Instead of deploying
a single computer to attract the more nefarious elements of computing
society, you deploy several computers--an entire network of computers--whose
sole purpose is to entice someone into attacking and compromising
your systems. The end result of this exercise is to learn more about what
kind of attacks you will see "in the wild" and how to defend against them.

The authors of Know Your Enemy: Learning About
Security Threats have done a spectacular job of covering both
the deployment of a honeynet and the analysis of captured data. One
of the book's major strengths is providing an extraordinary amount of
examples, sample code and advice on deployment and data analysis. I
especially liked that the book uses real data from actual attacks to
educate the reader. The authors cover Windows and Linux/UNIX
environments, and they are specific about which tools to use and why
those are the recommended tools.

This book even brings attention to the legal considerations of
running a honeynet, which is a subject
that needs serious attention. Perhaps the most entertaining
chapter of the book is Chapter 16, "Profiling", essentially a
psychological profile of black hat hackers. Hacker, however, is
not the proper term to use for someone who illegally attacks
and/or gains access to computer systems, and Chapter 16 offers a
thorough explanation of proper terminology.

Although I didn't have the resources to test most of the code, examples
and advice offered in this book, I believe it is remarkably thorough.
The CD-ROM included with the book contains the tools the authors use
throughout the text, as well as some sample data with which the reader
can interact.

I absolutely would put this book at the top of the reading list for
anyone about to deploy a honeynet. It might be a little too advanced
for someone without a basic understanding of what a honeypot or
honeynet is, but the book provides a wealth of information and is an
excellent reference for anyone thinking about planning and deploying a honeynet.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Recommended for anyone in security

Anonymous's picture
Submitted by Anonymous (not verified) on Nov 29, 2004.

They have completely re-written the first edition, using authors who are experts on their material...and it shows. Nice work!

Post new comment

  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <pre> <ul> <ol> <li> <dl> <dt> <dd> <i> <b>
  • Lines and paragraphs break automatically.
  • Use to create page breaks.

More information about formatting options