Customer Reviews

Honeypots: Tracking Hackers

5 star:		(9)
4 star:		(3)
3 star:		(0)
2 star:		(0)
1 star:		(0)

 

 

If you liked "Know Your Enemy" by the Honeynet Project, you will
undoubtedly like Lance Spitzner's (the Honeynet Project founder) new
book "Tracking Hackers" much more. In fact, even if you did not quite
like "Know Your Enemy", you will likely be deeply impressed with the
new book on honeypots and their use for tracking hackers.

The structure of the book is different from the "Know Your Enemy":
Lance starts from the very beginning - namely, his first honeypot
penetration experience and then goes on to talk about all aspects of
honeypots. In-depth and structured background on honeypot technology
is provided. Honeypots are sorted by the level of interaction with
attacker they are able to provide.

In addition, the book covers the business benefits of using
honeypots. By classifying the value of honeypots into prevention,
detection and response (exactly as done in Honeynet Project white
papers) Lance Spitzner analyzes the honeypot technology contributions
to an overall security posture. Also, the book describes the
differences between the research and production honeypots and
demonstrates the benefits of both for various deployment scenarios.

A good part of the book is devoted to particular honeypot solutions:
'honeyd' by Niels Provos and several commercial honeypots with
detailed explanation of how they work. For example, there is a clear
description of ARP spoofing and how it is used by the 'honeyd'
honeypot daemon. An interesting chapter on "homegrown" honeypot
solutions (such as the ones used to capture popular worms of 2001)
sheds some light on the simplest honeypots that can be built for
specific purposes, such as to capture a popular attack by means of a
simple port listener. Use of UNIX chroot() jail environment for
honeypots is also analyzed.

Of course, a special chapter is devoted to honeynets - Project's
primary weapon in a war against malicious hackers. The Generation II
(GenII) honeynet technology is first introduced in a book. The chapter
not only lists honeynet deployment and maintenance suggestions, but
also talks about the risks of honeynets.

Another great feature of the book is a chapter on honeypot
implementation strategies and methods, such as using NAT to forward
traffic to a honeypot and DMZ honeypot installation. The information
is then further demonstrated using the two full honeypot case studies,
from planning to operation.

What is even more important, maintaining the honeypot architecture is
covered in a separate chapter. Honeypots are a challenge to run,
mainly since no 'lock it down and maintain state' is possible. One has
to constantly build defenses and hide and dodge attacks that cannot be
defended against.

"Tracking hackers" also has a "Legal Issues" chapter, written with a
lot of feedback from the DoJ official. It dispels some of the
misconceptions about the honeypots such as the "entrapment" issue,
summarizes wiretap laws and related data capture problems.

The book describes an almost cutting edge of the honeypot research and
technology. To truly get the cutting edge and to know about the
Honeynet Project latest activities in detail, wait for the second
edition of "Know Your Enemy" (coming out next year). In "Tracking
Hackers" Lance makes some predictions about honeypots in "Future of
Honeypots" chapter. Honeypot-based early warning system and
distributed deployments, analysis of new threats and expanding
research applications, making honeypots easier to deploy and maintain
are all in this chapter.

To conclude, Marcus Ranum's enthusiastic preface is not an
overstatement, it is indeed a great book for both security
professionals and others interested in this exciting technology.
While I was already familiar with most of the information in the book,
it was a fascinating read! This is the kind of book you don't want or
even cannot put down until the last page is turned.

Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major
information security company. His areas of infosec expertise include
intrusion detection, UNIX security, honeypots, etc. In his spare time
he maintains his security portal info-secure.org

Lance is the "been there, done that" guy when it comes to honeypots and that really shows this book teaches, but it also entertains. Honeypots: Tracking Hackers grabs your interest from the start with a real life story of an underground hacker with a powerful new hacking tool, attacking hundreds, if not thousands, of systems all over the world.

Lance begins with how he got interested in honeypots and goes on to describe the different tools that are available, how they work and how anyone can set up their system to learn how to defend from novel attacks attacks. From the personal home computer to huge networks, Lance and his team have a solution.

He puts attackers in two categories: those who want to attack as many systems as possible and those who target a specific system of high value. By defining these attackers the audience has a clear understanding of what they are dealing with.

Starting with the history and definition of honeypots and honeynets, he takes us through characteristics and the different levels of interaction, how to configure different levels of honeypots, then on to the need to convince management of the value of honeypots and finally the legal issues (USA law) involved.

Honeypots are becoming more acceptable as hackers get into more systems and management is mandated to stop the attacks. They shouldn't be anyone's first line of defense, but for advanced sites, this is an important suite of technologies.

Honeypots: Tracking Hackers is a must read for novices and experienced security officers, alike. It will keep your attention and make you want to set up your own honeypot! If the book is not on your bookshelf and if honeypots are not part of your defensive information plans, something is wrong!

During the 1990s, publishers printed a handful of computer security books per year. Now dozens appear each month, all competing for our limited time and shelf space. Of these "new" books, hardly any offer original, innovative material. Thankfully, Lance Spitzner's "Honeypots" breaks this trend. His is the only book devoted to honeypot technologies, and it will both motivate and inform any reader.

"Honeypots" is one-stop-shopping for the world of blackhat deception and observation. Spitzner gets the reader up to speed on commercial and free honeypot technologies, then effectively argues how these tools fit within the enterprise's security infrastructure. He concludes with explanations of how to configure, deploy, and operate a variety of honeypots.

"Honeypots" shines with good material, like the honeypot history in chapter 3, the explanation of GenI and GenII honeynets in chapter 11, and the all-star legal discussion in chapter 15. Spitzner also demonstrates his understanding of subtle but critical security engineering concepts, such as learning by analyzing failure (p. 8) and studying second-order effects when first-order events are tough to detect (chapter 4).

I have two minor critiques. First, the text could have been a bit more concise. Second, it's best not to confuse people by calling the "link" layer by the name "layer 1" and the network layer as "layer 2" (p. 149). Stevens and others do show the TCP/IP model as link - network - transport - application. However, network engineers usually think of "layer 2" as the data link layer and "layer 3" as the network layer.

I was a big fan of the HoneyNet Project's book, minus the 150 pages of IRC logs. I think all security-minded readers will find the entire "Honeypots" book exciting. I rarely find security books that rally me to join a cause, but Spitzner's is an exception.

I just read this book and am really impressed. It is not worse or better than other similar books. It is just the only serious book around.(on these issues). Perhaps you could compare it with 'Know your Enemy' (KyE) but then 'Tracking Hackers' would win hands down. After all, about the same content of KyE can be found in the pages of 'The Honeynet Project'. Of course KyE is more concise and organized (than the site), easier to use for understanding Honeynets, and several original attacks are discussed in the book. A good book indeed.

However, HTH is very special, because for the first time there is an extensive discussion about Honeypots, in a unique document (book). And it is very well written. From beginners to experts everybody will enjoy the book. Every single detail is clearly and patiently explained and fitted in the honeypots puzzle. The case studies are clever and representative. The Honeypots are classified according their level of interaction, and treated following the same sequence: BOF, Specter, Honeyd, Man Trap, and 'Home Made' Honeypots (including Jailed Environments) are thoroughly analyzed.

Even Honeynets are discussed, and an significative case study is used to 'put all together'.
As a bonus the related 'legal issues' are also discussed (new to me).
At the bottom line it is an excellent book not only for reading (beginners and intermediates), but also for being used by experts as a reference in Security Courses (just what I am planning to do).

I've been watching Lance and the honeynet guys' progress since they started and I think they're one of the leading lights in the security field right now. This is a well-written and interesting book with lots of crunchy technical stuff! A+!

I thought this was a great overview of the Honeypot and Honeynet mechanisms. In my role as a system artchitect I could probably benefit more from the lessons learned out of specific Honeynet deployments than in how to build and instantiate one myself. But the thought processes one goes through in the deployment of such a mechanism and the tracking of "hackers" was extremely informative. I would recommend this book for IT professionals, especially ones in charge of large system deployments, although I think most IT security professionals would find this book too much of a review.

Honeypots is an excellent introduction to the subject of honeypots, useful as a reference for experts as well as for beginners to the subject. It is written very clearly and provides step-by-step instructions with plenty of examples and screenshots. It covers commercial, open source, and do-it-yourself solutions, from very simple low-interaction detection honeypots to very high-interaction research honeypots. A CD-ROM is included with software and example data collected by honeypots. One defect is a fairly large number of typos.

Honeypots: Tracking Hackers By Lance Spitzner (Senior Security Architect for Sun Microsystems, Inc.) is an advanced computer science text to understanding and making use of "honeypots" (technological systems specifically designed to be compromised by online attackers) as burglar alarms, incident response systems, or tools for gathering information about hackers in order to better guard the security of one's compter data. Technical know-how, advanced theory, guidance from three legal experts, and more fill the pages of this excellent and very strongly recommended resource for anyone invested with cyber security responsibilities. An accompanying CD-ROM contains white papers, source code, and data captures of real attacks to facilitate the deployment of honeypot solutions to serious computer problems.

I bought this to help perform research on a security course that I'm preparing. Even though the information on some of the honeypot programs is a bit outdated, I still found the book very helpful. It's well-written, and gives a very good explanation of how to implement honeypots. It was a tremendous help in my research.

This book is written with obvious passion towards honeypots as the author obviously believes in the power of honeypots in making the corporate network a safe place. The discussion cover simple and advanced topics in honeypot motives, creation and trapping hacker information. In all, a well researched book that evangelises the use of honeypot intrusion detection