Search
 Advanced SearchView Cart   Checkout   
 Location:  Home » Books » General AAS » Virtual Honeypots: From Botnet Tracking to Intrusion DetectionDecember 1, 2008  
Browse
Books
Computers
Electronics
Related Categories
• General AAS
Computer Science
New & Used Textbooks
Custom Stores
Specialty Stores
• General AAS
New & Used Textbooks
Custom Stores
Specialty Stores
Books
• General AAS
Qualifying Textbooks
Custom Stores
Specialty Stores
Books
• General
E-commerce
Industries & Professions
Business & Investing
Subjects
• General AAS
E-commerce
Industries & Professions
Business & Investing
Subjects
• General AAS
Internet
Home Computing
Computers & Internet
Subjects
• Privacy
Business & Culture
Computers & Internet
Subjects
Books
• Network Security
Networking
Computers & Internet
Subjects
Books
• General
Programming
Computers & Internet
Subjects
Books
• General AAS
Programming
Computers & Internet
Subjects
Books
• General
Software
Computers & Internet
Subjects
Books
• General AAS
Software
Computers & Internet
Subjects
Books
• Encryption
Security & Encryption
Web Development
Computers & Internet
Subjects
• General AAS
Security & Encryption
Web Development
Computers & Internet
Subjects
• General
Computers & Internet
Subjects
Books
• General AAS
Computers & Internet
Subjects
Books
• Paperback
Binding (binding)
Refinements
Books
• Printed Books
Format (feature_browse-bin)
Refinements
Books
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Authors: Niels Provos, Thorsten Holz
Publisher: Addison-Wesley Professional
Category: Book

List Price: $49.99
Buy New: $28.65
You Save: $21.34 (43%)
Buy New/Used from $28.65

Avg. Customer Rating: 5.0 out of 5 stars(12 reviews)
Sales Rank: 254069

Languages: English (Original Language), English (Unknown), English (Published)
Media: Paperback
Edition: 1
Number Of Items: 1
Pages: 440
Shipping Weight (lbs): 1.4
Dimensions (in): 9.3 x 6.4 x 1.1

ISBN: 0321336321
Dewey Decimal Number: 005.8
EAN: 9780321336323
ASIN: 0321336321

Publication Date: July 26, 2007
Availability: Usually ships in 1-2 business days
Similar Items:

  • The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
  • Fuzzing: Brute Force Vulnerability Discovery
  • Security Metrics: Replacing Fear, Uncertainty, and Doubt
  • Security Data Visualization: Graphical Techniques for Network Analysis
  • Network Warrior
Editorial Reviews:

Product Description

Praise for Virtual Honeypots

"A power-packed resource of technical, insightful information that unveils the world of honeypots in front of the reader?s eyes."

?Lenny Zeltser, Information Security Practice Leader at Gemini Systems

"This is one of the must-read security books of the year."

?Cyrus Peikari, CEO, Airscanner Mobile Security, author, security warrior

"This book clearly ranks as one of the most authoritative in the field of honeypots. It is comprehensive and well written. The authors provide us with an insider?s look at virtual honeypots and even help us in setting up and understanding an otherwise very complex technology."

?Stefan Kelm, Secorvo Security Consulting

"Virtual Honeypots is the best reference for honeypots today. Security experts Niels Provos and Thorsten Holz cover a large breadth of cutting-edge topics, from low-interaction honeypots to botnets and malware. If you want to learn about the latest types of honeypots, how they work, and what they can do for you, this is the resource you need."

?Lance Spitzner, Founder, Honeynet Project

"Whether gathering intelligence for research and defense, quarantining malware outbreaks within the enterprise, or tending hacker ant farms at home for fun, you?ll find many practical techniques in the black art of deception detailed in this book. Honeypot magic revealed!"

?Doug Song, Chief Security Architect, Arbor Networks

"Seeking the safest paths through the unknown sunny islands called honeypots? Trying to avoid greedy pirates catching treasures deeper and deeper beyond your ports? With this book, any reader will definitely get the right map to handle current cyber-threats.

Designed by two famous white hats, Niels Provos and Thorsten Holz, it carefully teaches everything from the concepts to practical real-life examples with virtual honeypots. The main strength of this book relies in how it covers so many uses of honeypots: improving intrusion detection systems, slowing down and following incoming attackers, catching and analyzing 0-days or malwares or botnets, and so on.

Sailing the high seas of our cyber-society or surfing the Net, from students to experts, it?s a must-read for people really aware of computer security, who would like to fight against black-hats flags with advanced modern tools like honeypots."

?Laurent Oudot, Computer Security Expert, CEA

"Provos and Holz have written the book that the bad guys don?t want you to read. This detailed and comprehensive look at honeypots provides step-by-step instructions on tripping up attackers and learning their tricks while lulling them into a false sense of security. Whether you are a practitioner, an educator, or a student, this book has a tremendous amount to offer. The underlying theory of honeypots is covered, but the majority of the text is a ?how-to? guide on setting up honeypots, configuring them, and getting the most out of these traps, while keeping actual systems safe. Not since the invention of the firewall has a tool as useful as this provided security specialists with an edge in the never-ending arms race to secure computer systems. Virtual Honeypots is a must-read and belongs on the bookshelf of anyone who is serious about security."

?Aviel D. Rubin, Ph.D., Computer Science Professor and Technical Director of the Information Security Institute at Johns Hopkins University, and President and Founder, Independent Security Evaluators

"An awesome coverage of modern honeypot technologies, both conceptual and practical."

?Anton Chuvakin

"Honeypots have grown from simple geek tools to key components in research and threat monitoring at major entreprises and security vendors. Thorsten and Niels comprehensive coverage of tools and techniques takes you behind the scene with real-world examples of deployment, data acquisition, and analysis."

?Nicolas Fischbach, Senior Manager, Network Engineering Security, COLT Telecom, and Founder of Securite.Org

Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive. Now, there?s a breakthrough solution. Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system-making them easier and cheaper to build, deploy, and maintain.

In this hands-on, highly accessible book, two leading honeypot pioneers systematically introduce virtual honeypot technology. One step at a time, you?ll learn exactly how to implement, configure, use, and maintain virtual honeypots in your own environment, even if you?ve never deployed a honeypot before.

You?ll learn through examples, including Honeyd, the acclaimed virtual honeypot created by coauthor Niels Provos. The authors also present multiple real-world applications for virtual honeypots, including network decoy, worm detection, spam prevention, and network simulation.

After reading this book, you will be able to

  • Compare high-interaction honeypots that provide real systems and services and the low-interaction honeypots that emulate them
  • Install and configure Honeyd to simulate multiple operating systems, services, and network environments
  • Use virtual honeypots to capture worms, bots, and other malware
  • Create high-performance "hybrid" honeypots that draw on technologies from both low- and high-interaction honeypots
  • Implement client honeypots that actively seek out dangerous Internet locations
  • Understand how attackers identify and circumvent honeypots
  • Analyze the botnets your honeypot identifies, and the malware it captures
  • Preview the future evolution of both virtual and physical honeypots


Customer Reviews:   Read 7 more reviews...

5 out of 5 stars THE current reference about honeynet technologies and solutions   July 18, 2008
Honeynet solutions were seen just as a research technology a couple of years ago. It is not the case anymore. Due to the inherent constraints and limitations of the current and widely deployed intrusion detection solutions, like IDS/IPS and antivirus, it is time to extended our detection arsenal and capabilities with new tools: virtual honeypots.

Do not get confused about the book title, specially about the "virtual" term. The main reason to mention virtual honeypots, although the book covers all kind of honeynet/honeypot technologies, is because during the last few years virtualization has been a key element in the deployment of honeynets. It has offered us a significant cost reduction, more flexibility, reusability and multiple benefits. The main drawback of this solution is the detection of virtual environments by some malware specimens.

The detection of honeypots has always been one of the main concerns in the honeynet community, basically because if the attacker can identify them, they are useless. For this reason, one of the chapters is just focused on providing some light, tips, and tricks about what an adversary can really accomplish. In fact, we have not seen lots of real-world incidents where the attacker actively checks the existence of honeynet setups.

I have been working with honeynets during the last 5 years. We founded the Spanish Honeynet Project on 2004, and almost at the same time we became part of The Honeynet Project and released the Scan of the Month 32. The main honeynet/pot book reference till last year was the book published by the Honeynet Project. As this is a rapidly evolving field, definitely it has been replaced by this book, written by two project members.

The first chapter is a very brief introduction to honeynet technologies and basic tools. You can jump through it if you are not new to this field. Then, the book covers the main two honeypots types: high and low interaction. The high interaction section provides details about the tools to virtualize your honeypots: VMware, UML, or more specific solutions, such as Argos. The low interaction section provides details about some the most relevant honeypot types to cover lots of detection scenarios: worms, traditional server attacks, Google Hacking, Web-based attacks, etc. It is a wide overview that will give you lot of ideas for new deployments.

The whole book has been cooked with a how-to mentality , and it explains in detail how to install and configure the different tools and software elements covered. Additionally, it provides guidelines, best practices, and analysis recommendations for each tool based on the authors experience. However, for the how to portions take into account that most of the solutions are Linux-based, and the installation and setup process will vary based on the tool version and the Linux distribution you are using (library dependencies, etc). In any case, the step by step guides are very useful as a general setup reference.

From my perspective, the most valuable part of the book is chapters 4 to 6. The authors, Niels Provos and Throsten Holz, are the lead developer/architect for honeyd (chapter 4 and 5) and strongly related with nephentes (chapter 6), respectively. These two are the most famous and advanced low-interaction server-based honeypot and malware honeypot. They know what they are talking about :), and you cannot find a better reference out there for these two tools. The book is an excellent guide, covering from the design principles and innovative deployment ideas, to all kinds of configuration options and possibilities, including limitations on real-world scenarios. Chapter 6 is complemented with other less popular malware-based honeypots (except for Honeytrap).

The book includes some extra material, covering academic and research hybrid solution, still on their early stages, but that can give you and idea of where these technologies are evolving to and the major challenges we are facing nowadays. This pretty much theoretical content is well balanced with the case studies chapter, where real incidents involving different honeypot types are presented. These are always a fun read and a way of getting experience and learn how to deal with intrusions.

Finally, one of the main expansion areas we are involved today is the creation of new client-based honeypot technologies. This book section (highly recommended) does a great job introducing multiple high and low interaction honeyclients currently available, their benefits and drawbacks (chapter 7). This information is perfectly complemented by the last two chapters, focused on tracking botnets and analyzing malware with sandbox environments. Once a client is compromised, it typically becomes a member of a botnet, and for easy and quick categorization, we start by performing a malware analysis of the specimens. I recommend you to add all this knowledge to your incident handling and response capabilities.

Something I would have liked to see in the book is a section about a fully virtualized honeynet environment, showing how using VMware, you can build up a virtual Honeywall (just slightly mentioned on chapter 2) and different honeypots, creating a complete, cheap, mobile and multi-purpose virtual honeynet infrastructure. Also, we receive multiple questions related to this kind of setup in the Honeynet Project mailing lists, because all the previous whitepapers are obsoleted now. I've been deploying these type of solutions for fun and professionally during the last few years and I strongly recommend you to start using them. You won't be disappointed about how much you can learn of what is going on in your networks and systems, and this book is the best starting point.

If you have any relationship with the intrusion detection, incident handling and forensics, threat analysis, or SOC and CERT security side of things, definitely this book is for you. Go through it and improve your capabilities with easy to deploy virtual honeypot solutions. You just need a (not so new) computer, virtualization software, and some time!


5 out of 5 stars Fantastic intro and depth   March 24, 2008
The book is well written and I feel that I will be successful in setting up my first honey pot once I get my network segmented for security purposes.


5 out of 5 stars Excellent, modern book on digital defense   January 7, 2008
  2 out of 2 found this review helpful

It's fairly difficult to find good books on digital defense. Breaking and entering seems to be more exciting than protecting victims. Thankfully, Niels Provos and Thorsten Holz show that defense can be interesting and innovative too. Their book Virtual Honeypots is your ticket for deploying defensive resources that will provide greater digital situational awareness.

A security technician with some degree of proficiency should be able to read Virtual Honeypots and then implement at least one of the solutions presented. This sounds like a fairly common event, but too often technical books do not provide the detail required to transform theory into practice. Virtual Honeypots offers installation and operational guidance for a variety of deception and analysis systems, primarily for server-oriented technologies. I especially gained a better understanding of Honeyd and Nepenthes, the two applications about which I cared the most.

While I liked the first 2/3 of the book, I have to say I really enjoyed the last four chapters. These covered Detecting Honeypots, Case Studies, Tracking Botnets, and Analyzing Malware with CWSandbox. Of these the final chapter was superb. Ch 12 has probably the clearest explanation of hooking I've read anywhere. I am not a rootkit writer or Windows kernel programmer, but the text was so well written I had zero problems following along.

I gave Virtual Honeypots five stars because it is so unique and well-written, but I do have a few minor issues to mention. First, I was somewhat disappointed by the honeyclients section (ch 8). I was not as confident that I could implement a honeyclient solution after reading the great material on server-oriented honeypots. Perhaps the second edition or a separate book will give greater attention to this area. Second, I found a few small technical items. On p 4, it isn't accurate to say "TCP...[gives] each packet a sequence number." Bytes of application data are numbered, not packets. On p 13 we are told to use a snaplen of 1500 bytes, but this will cut off the last 14 bytes of many Ethernet frames. Try it with ping -s 1472 while sniffing with Tcpdump. As you can see, these minor issues are easily fixed in a future printing and do not justify dropping a star.

If you are at all interested in potentially deceiving intruders, buy and read Virtual Honeypots. You'll learn about more than VMware (QEMU, UML, etc.) as well as numerous open source tools you can download and try for free. I look forward to reading more from these authors -- perhaps a book of true case studies?


5 out of 5 stars Virtual Honeypots   December 18, 2007
Excellent, really good, sorry for my bad English, but is EXCELENT BOOK.

Regards

Carlos


5 out of 5 stars A Fantastic Introduction to Honeypots   November 11, 2007
I have relatively little to add to the praise that has already been given of this book, but I found it extremely enjoyable. In particular, the chapters on collecting and analyzing malware were quite good, in my mind. I think the book delves a bit too deeply into man page territory with the level of detail provided on the minutia of utilities, but that doesn't detract from the book, as it is very clearly segmented away from loftier topics.

Overall, I found this book to be quite excellent, and very informative and accessible to those new to the arena of Honeypots.

Powered by: Dknc, inc. and Amazon.com


For your safety and security, orders are processed through amazon.com