[CISSP-D] REVIEW: "Virtual Honeypots", Niels Provos/Thorsten Holz

Subject: [CISSP-D] REVIEW: "Virtual Honeypots", Niels Provos/Thorsten Holz
Date: Mon, 07 Jan 2008 10:54:36 -0800
BKVRTHNP.RVW   20070930

"Virtual Honeypots", Niels Provos/Thorsten Holz, 2008, 0-321-33632-1,
U$49.99/C$61.99
%A   Niels Provos
%A   Thorsten Holz
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   2008
%G   0-321-33632-1 978-0-321-33632-3
%I   Addison-Wesley Publishing Co.
%O   U$49.99/C$61.99 800-822-6339 617-944-3700 bkexpress@aw.com
%O  http://www.amazon.com/exec/obidos/ASIN/0321336321/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0321336321/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0321336321/robsladesin03-20
%O   Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   440 p.
%T   "Virtual Honeypots: From Botnet Tracking to Intrusion Detection"

Right off the top you have to question the reliability of research
that credits, in the preface, Robert Morris with "inventing" (in the
course of creating the Internet Worm of 1988) the buffer overflow.

Chapter one provides some background information for honeypot
operation, with a very terse review of some basic TCP/IP protocols,
descriptions of some common honeypot types, and a few tools that can
be used for data capture and analysis.  High-interaction honeypots are
defined (by the authors in chapter two) as virtual machines that can
provide (to the attacker or intruder) as much, or as little,
functionality as you wish.  A number of such machines are described,
mostly in terms of installation.  Overviews (and installation
instructions) for a variety of specialized and limited emulators are
given in chapter three.  Chapter four introduces the honeyd program
that is widely used for creating multiple virtual machines on a single
computer.  Advanced functions of honeyd are discussed in chapter five.

Chapter six examines the possibilities for collecting malware with
honeypots, specifically the nepenthes and honeytrap programs.  Some
systems for presenting apparently extensive functionality without
risking the danger of a compromise are explained in chapter seven. 
Emulation of the activity of an active computer or Internet user
(rather than a passive server) is the idea behind client honeypots as
outlined in chapter eight.

Indications that betray the presence or operation of a honeypot are
discussed in chapter nine.  Some experiences using honeypots are noted
in chapter ten. Chapter eleven specifically examines the use of
honeypots to discover the functions and activity of botnets. 
CWSandbox, a tool for the analysis of malware, is explored in chapter
twelve.

The classic text in the field of honeypots is, of course, "Know Your
Enemy" (cf. BKKNYREN.RVW).  That volume does not go into specific
details of construction in the way that Spitzner's "Honeypots" (cf.
BKHNYPOT.RVW) or even Grimes' "Honeypots for Windows" (cf.
BKHNPTWN.RVW) does.  However, between them the existing works provide
a solid background, and this tome adds little to the mix.  The
addition of client honeypots is valuable, but the writing and
explanations provide little that will be of help to those trying to
use the technology.

copyright Robert M. Slade, 2007   BKVRTHNP.RVW   20070930
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
http://victoria.tc.ca/techrev/rms.htm