Praise for Virtual Honeypots "A power-packed resource of technical, insightful information that unveils the world of honeypots in front of the reader’s eyes." —Lenny Zeltser, Information Security Practice Leader at Gemini Systems "This is one of the must-read security books of the year." —Cyrus Peikari, CEO, Airscanner Mobile Security, author, security warrior "This book clearly ranks as one of the most authoritative in the field of honeypots. It is comprehensive and well written. The authors provide us with an insider’s look at virtual honeypots and even help us in setting up and understanding an otherwise very complex technology." —Stefan Kelm, Secorvo Security Consulting "Virtual Honeypots is the best reference for honeypots today. Security experts Niels Provos and Thorsten Holz cover a large breadth of cutting-edge topics, from low-interaction honeypots to botnets and malware. If you want to learn about the latest types of honeypots, how they work, and what they can do for you, this is the resource you need." —Lance Spitzner, Founder, Honeynet Project "Whether gathering intelligence for research and defense, quarantining malware outbreaks within the enterprise, or tending hacker ant farms at home for fun, you’ll find many practical techniques in the black art of deception detailed in this book. Honeypot magic revealed!" —Doug Song, Chief Security Architect, Arbor Networks "Seeking the safest paths through the unknown sunny islands called honeypots? Trying to avoid greedy pirates catching treasures deeper and deeper beyond your ports? With this book, any reader will definitely get the right map to handle current cyber-threats. Designed by two famous white hats, Niels Provos and Thorsten Holz, it carefully teaches everything from the concepts to practical real-life examples with virtual honeypots. The main strength of this book relies in how it covers so many uses of honeypots: improving intrusion detection systems, slowing down and following incoming attackers, catching and analyzing 0-days or malwares or botnets, and so on. Sailing the high seas of our cyber-society or surfing the Net, from students to experts, it’s a must-read for people really aware of computer security, who would like to fight against black-hats flags with advanced modern tools like honeypots." —Laurent Oudot, Computer Security Expert, CEA "Provos and Holz have written the book that the bad guys don’t want you to read. This detailed and comprehensive look at honeypots provides step-by-step instructions on tripping up attackers and learning their tricks while lulling them into a false sense of security. Whether you are a practitioner, an educator, or a student, this book has a tremendous amount to offer. The underlying theory of honeypots is covered, but the majority of the text is a ‘how-to’ guide on setting up honeypots, configuring them, and getting the most out of these traps, while keeping actual systems safe. Not since the invention of the firewall has a tool as useful as this provided security specialists with an edge in the never-ending arms race to secure computer systems. Virtual Honeypots is a must-read and belongs on the bookshelf of anyone who is serious about security." —Aviel D. Rubin, Ph.D., Computer Science Professor and Technical Director of the Information Security Institute at Johns Hopkins University, and President and Founder, Independent Security Evaluators "An awesome coverage of modern honeypot technologies, both conceptual and practical." —Anton Chuvakin "Honeypots have grown from simple geek tools to key components in research and threat monitoring at major entreprises and security vendors. Thorsten and Niels comprehensive coverage of tools and techniques takes you behind the scene with real-world examples of deployment, data acquisition, and analysis." —Nicolas Fischbach, Senior Manager, Network Engineering Security, COLT Telecom, and Founder of Sécurité.Org Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive. Now, there’s a breakthrough solution. Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system-making them easier and cheaper to build, deploy, and maintain. In this hands-on, highly accessible book, two leading honeypot pioneers systematically introduce virtual honeypot technology. One step at a time, you’ll learn exactly how to implement, configure, use, and maintain virtual honeypots in your own environment, even if you’ve never deployed a honeypot before. You’ll learn through examples, including Honeyd, the acclaimed virtual honeypot created by coauthor Niels Provos. The authors also present multiple real-world applications for virtual honeypots, including network decoy, worm detection, spam prevention, and network simulation. After reading this book, you will be able to Compare high-interaction honeypots that provide real systems and services and the low-interaction honeypots that emulate them Install and configure Honeyd to simulate multiple operating systems, services, and network environments Use virtual honeypots to capture worms, bots, and other malware Create high-performance "hybrid" honeypots that draw on technologies from both low- and high-interaction honeypots Implement client honeypots that actively seek out dangerous Internet locations Understand how attackers identify and circumvent honeypots Analyze the botnets your honeypot identifies, and the malware it captures Preview the future evolution of both virtual and physical honeypots
Les mer
Preface xiii Acknowledgments xxi About the Authors xxiii Chapter 1 Honeypot and Networking Background 1 1.1 Brief TCP/IP Introduction 1 1.2 Honeypot Background 7 1.3 Tools of the Trade 13 Chapter 2 High-Interaction Honeypots 19 2.1 Advantages and Disadvantages 20 2.2 VMware 22 2.3 User-Mode Linux 41 2.4 Argos 52 2.5 Safeguarding Your Honeypots 62 2.6 Summary 69 Chapter 3 Low-Interaction Honeypots 71 3.1 Advantages and Disadvantages 72 3.2 Deception Toolkit 73 3.3 LaBrea 74 3.4 Tiny Honeypot 81 3.5 GHH—Google Hack Honeypot 87 3.6 PHP.HoP—A Web-Based Deception Framework 94 3.7 Securing Your Low-Interaction Honeypots 98 3.8 Summary 103 Chapter 4 Honeyd—The Basics 105 4.1 Overview 106 4.2 Design Overview 109 4.3 Receiving Network Data 112 4.4 Runtime Flags 114 4.5 Configuration 115 4.6 Experiments with Honeyd 125 4.7 Services 129 4.8 Logging 131 4.9 Summary 134 Chapter 5 Honeyd—Advanced Topics 135 5.1 Advanced Configuration 136 5.2 Emulating Services 139 5.3 Subsystems 142 5.4 Internal Python Services 146 5.5 Dynamic Templates 148 5.6 Routing Topology 150 5.7 Honeydstats 154 5.8 Honeydctl 156 5.9 Honeycomb 158 5.10 Performance 160 5.11 Summary 161 Chapter 6 Collecting Malware with Honeypots 163 6.1 A Primer on Malicious Software 164 6.2 Nepenthes—A Honeypot Solution to Collect Malware 165 6.3 Honeytrap 197 6.4 Other Honeypot Solutions for Learning About Malware 204 6.5 Summary 207 Chapter 7 Hybrid Systems 209 7.1 Collapsar 211 7.2 Potemkin 214 7.3 RolePlayer 220 7.4 Research Summary 224 7.5 Building Your Own Hybrid Honeypot System 224 7.6 Summary 230 Chapter 8 Client Honeypots 231 8.1 Learning More About Client-Side Threats 232 8.2 Low-Interaction Client Honeypots 241 8.3 High-Interaction Client Honeypots 253 8.4 Other Approaches 263 8.5 Summary 272 Chapter 9 Detecting Honeypots 273 9.1 Detecting Low-Interaction Honeypots 274 9.2 Detecting High-Interaction Honeypots 280 9.3 Detecting Rootkits 302 9.4 Summary 305 Chapter 10 Case Studies 307 10.1 Blast-o-Mat: Using Nepenthes to Detect Infected Clients 308 10.2 Search Worms 327 10.3 Red Hat 8.0 Compromise 332 10.4 Windows 2000 Compromise 343 10.5 SUSE 9.1 Compromise 351 10.6 Summary 357 Chapter 11 Tracking Botnets 359 11.1 Bot and Botnet 101 360 11.2 Tracking Botnets 373 11.3 Case Studies 376 11.4 Defending Against Bots 387 11.5 Summary 390 Chapter 12 Analyzing Malware with CWSandbox 391 12.1 CWSandbox Overview 392 12.2 Behavior-Based Malware Analysis 394 12.3 CWSandbox—System Description 401 12.4 Results 405 12.5 Summary 413 Bibliography 415 Index 423
Les mer
Praise for Virtual Honeypots "A power-packed resource of technical, insightful information that unveils the world of honeypots in front of the reader’s eyes." —Lenny Zeltser, Information Security Practice Leader at Gemini Systems "This is one of the must-read security books of the year." —Cyrus Peikari, CEO, Airscanner Mobile Security, author, security warrior "This book clearly ranks as one of the most authoritative in the field of honeypots. It is comprehensive and well written. The authors provide us with an insider’s look at virtual honeypots and even help us in setting up and understanding an otherwise very complex technology." —Stefan Kelm, Secorvo Security Consulting "Virtual Honeypots is the best reference for honeypots today. Security experts Niels Provos and Thorsten Holz cover a large breadth of cutting-edge topics, from low-interaction honeypots to botnets and malware. If you want to learn about the latest types of honeypots, how they work, and what they can do for you, this is the resource you need." —Lance Spitzner, Founder, Honeynet Project "Whether gathering intelligence for research and defense, quarantining malware outbreaks within the enterprise, or tending hacker ant farms at home for fun, you’ll find many practical techniques in the black art of deception detailed in this book. Honeypot magic revealed!" —Doug Song, Chief Security Architect, Arbor Networks "Seeking the safest paths through the unknown sunny islands called honeypots? Trying to avoid greedy pirates catching treasures deeper and deeper beyond your ports? With this book, any reader will definitely get the right map to handle current cyber-threats. Designed by two famous white hats, Niels Provos and Thorsten Holz, it carefully teaches everything from the concepts to practical real-life examples with virtual honeypots. The main strength of this book relies in how it covers so many uses of honeypots: improving intrusion detection systems, slowing down and following incoming attackers, catching and analyzing 0-days or malwares or botnets, and so on. Sailing the high seas of our cyber-society or surfing the Net, from students to experts, it’s a must-read for people really aware of computer security, who would like to fight against black-hats flags with advanced modern tools like honeypots." —Laurent Oudot, Computer Security Expert, CEA "Provos and Holz have written the book that the bad guys don’t want you to read. This detailed and comprehensive look at honeypots provides step-by-step instructions on tripping up attackers and learning their tricks while lulling them into a false sense of security. Whether you are a practitioner, an educator, or a student, this book has a tremendous amount to offer. The underlying theory of honeypots is covered, but the majority of the text is a ‘how-to’ guide on setting up honeypots, configuring them, and getting the most out of these traps, while keeping actual systems safe. Not since the invention of the firewall has a tool as useful as this provided security specialists with an edge in the never-ending arms race to secure computer systems. Virtual Honeypots is a must-read and belongs on the bookshelf of anyone who is serious about security." —Aviel D. Rubin, Ph.D., Computer Science Professor and Technical Director of the Information Security Institute at Johns Hopkins University, and President and Founder, Independent Security Evaluators "An awesome coverage of modern honeypot technologies, both conceptual and practical." —Anton Chuvakin "Honeypots have grown from simple geek tools to key components in research and threat monitoring at major entreprises and security vendors. Thorsten and Niels comprehensive coverage of tools and techniques takes you behind the scene with real-world examples of deployment, data acquisition, and analysis." —Nicolas Fischbach,
Les mer
Over the past several years, honeypots have demonstrated their value as a security mechanism. However, physical honeypot deployment is often time intensive and expensive, as different operating systems require specialized hardware and every honeypot requires its own physical system. Consequently, honeypots are deployed only by organizations that can afford the cost and overhead. Virtual honeypots offer a solution for a much broader audience. These systems share many of the values of traditional honeypots, but have the advantages of running on a single system. This makes virtual honeypots cheaper to build, easier to deploy, and simpler to maintain. Virtual Honeypots is a guide to virtual honeypots and their applications. Examples cover a wide range of virtual honeypot applications including network decoy, worm detection, spam prevention, forensic analysis as well as network simulation (used by professors in universities to teach protocols and by corporate trainers to train security professionals to scan for vulnerabilities). One section is also devoted to the author's honeyd virtual honeypot, which is used by the US Military in it's network security efforts. Of particular interest to readers will be Provos' presentation of the hybrid virtual honeypot, which combines the power of the expensive, high-interaction honeypots with the ease of configuration and maintenance of low-interaction honeypots.
Les mer
First book on virtual honeypots from the developer of honeyd, an open source virtual honeypot used by the US military Master the configuration and maintenance of virtual honeypots which are cheaper and easier to install than traditional, physical honeypots Review real world examples of virtual honeypots used for a variety of applications including network decoy, worm detection, spam prevention, and forensic analysis Learn about the author's highly acclaimed honeyd open source virtual honeypot
Les mer

Produktdetaljer

ISBN
9780321336323
Publisert
2007-08-02
Utgiver
Vendor
Addison-Wesley Educational Publishers Inc
Vekt
100 gr
Høyde
100 mm
Bredde
100 mm
Dybde
100 mm
Aldersnivå
U, 05
Språk
Product language
Engelsk
Format
Product format
Heftet
Antall sider
480

Om bidragsyterne

Niels Provos received a Ph.D. from the University of Michigan in 2003, where he studied experimental and theoretical aspects of computer and network security. He is one of the OpenSSH creators and known for his security work on OpenBSD. He developed Honeyd, a popular open source honeypot platform; SpyBye, a client honeypot that helps web masters to detect malware on their web pages; and many other tools such as Systrace and Stegdetect. He is a member of the Honeynet Project and an active contributor to open source projects. Provos is currently employed as senior staff engineer at Google, Inc. Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems at the University of Mannheim, Germany. He is one of the founders of the German Honeynet Project and a member of the Steering Committee of the Honeynet Research Alliance. His research interests include the practical aspects of secure systems, but he is also interested in more theoretical considerations of dependable systems. Currently, his work concentrates on bots/botnets, client honeypots, and malware in general. He regularly blogs at http://honeyblog.org.