Honeypots for Windows (Books for Professionals by Professionals) [Paperback]

Roger A. Grimes (Author)

Book Description

Series: Books for Professionals by Professionals | Publication Date: October 2004

The Book will cover installing, configuring, and maintaining security Honeypots on Windows platforms. The Book will specifically cover the popular open source Honeypot product called honeyd, and summarize other commercial Honeypot solutions. There are no computer security books covering Honeypots (or IDSs) as they run on Windows platforms.

Developers who are tired of reading Unix and Linux documentation and newsgroups to get information on how to build and maintain a Windows-based Honeypot this book is for you. No longer will you have to rummage through Unix-only advice and utilities to pull out the information that related to your Windows deployment. No longer will you have to listen to some Unix head bash Microsoft and Bill Gates when all you wanted to know is why your Honeypot wasn’t working. Learn special tricks and troubleshooting hints to run a Windows-based Honeypot.

Target audience: Windows network and security administrators; intrusion detection software users; subscribers to Honeypot mailing list; readers of other author’s Honeypot books - all are very Unix-centric

Editorial Reviews

About the Author

Roger A. Grimes (CPA, MCSE NT/2000, CNE 3/4, A+), author of Malicious Mobile Code:  Virus Protection for Windows (O'Reilly) has been fighting malware since 1987, and was in Newsweek magazine for his work on fighting computer viruses way back in 1992.  He has consulted for some of the world's largest companies, universities, and the Navy.  Roger has written dozens of articles for national computer magazines such as, Windows & .Net Magazine, Security Administrator, Microsoft Certified Professional magazine, Network Magazine, and for mainstream newspapers. Recently, Roger was part of a team that helped re-write and create Microsoft technet security content and authored two chapters in McGraw-Hill’s upcoming book, Network Security: The Complete Reference. As a frequent speaker on computer security, including at MCP’s Tech Mentor Security Summit and SANS Conferences, Roger’s sessions are highly rated for their practical application and real world fixes.

Product Details

• Paperback: 424 pages
• Publisher: A-Press; 1 edition (October 2004)
• Language: English
• ISBN-10: 1590593359
• ISBN-13: 978-1590593356
• Product Dimensions: 9.2 x 7.1 x 1 inches
• Shipping Weight: 1.6 pounds

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

7 of 8 people found the following review helpful:

5.0 out of 5 stars Immediate and useful information!, April 13, 2005

By 

Christopher G. Williams - See all my reviews
(REAL NAME)   

This review is from: Honeypots for Windows (Books for Professionals by Professionals) (Paperback)

Review by Lou Vega of the Greater Charleston .NET User Group

This book provides immediate and useful information whether you have previous experience with Honeypots or hadn't even heard of one until you picked up the book. I would recommend this book to anyone who has ever been interested in network and systems security as it pertains to a Microsoft Windows environment, especially in light of the fact that most previous books and articles with information about Honeypots were geared toward *nix systems.

Those who have no previous experience with Honeypots and would like a background lesson can jump right into Chapters 1 and 2 which should give them a fair basic understanding of what's involved. Those persons who want to get right to work...start browsing between chapters 3 and 8 for hands on information including screenshots and installation/configuration information. Later chapters cover more advanced information concerning the monitoring and analysis of the traffic captured using your Honeypot.

The author doesn't leave you stranded with just setting up a Honeypot either. The chapters on Network Analysis, Honeypot Monitoring and alerting, and Honeypot data analysis give you a chance to begin to make real use of the Honeypot and the data gathered while using it. The walkthroughs for setting these analysis and monitoring tools seem easy enough and the author makes good use of available open source tools out there for those who don't have the budget for some of the commercial applications available.

An added bonus for any networking security person is the wealth of information concerning how to harden a Windows Server, common ports used in malware and numerous configuration demonstrations make this a handy book to keep as a general security reference.

This book will make a fine addition to any IT professional's reference collection.

2 of 2 people found the following review helpful:

5.0 out of 5 stars Must Have for any Windows Administrator, November 21, 2005

By 

David Williams "QuikSilver" (Philadelphia, PA) - See all my reviews
(REAL NAME)   

This review is from: Honeypots for Windows (Books for Professionals by Professionals) (Paperback)

Before reading Roger's book I was pretty sure I had a solid understanding of Honeypots, how they work, how they should be deployed, etc. I can honestly say that I still learned a lot from this book. Recommended for beginner to advanced user. The examples are great and very specific. Running a honeypot in a windows environment definately benefits many of my clients because they are unsure how to properly secure a *nix machine. This book showed me step-by-step how to set-up a fully functional Windows Honeypot that anyone can administer. Thanks for the great info Mr. Grimes, can't wait to read the next book.

3 of 4 people found the following review helpful:

4.0 out of 5 stars a state of the art honeypot, February 27, 2005

By 

W Boudville (Terra, Sol 3) - See all my reviews
(VINE VOICE)    (TOP 1000 REVIEWER)    (HALL OF FAME REVIEWER)    (REAL NAME)   

This review is from: Honeypots for Windows (Books for Professionals by Professionals) (Paperback)

Grimes has a valid gripe. Honeypots have risen to prominence as an aggressive anti-cracker method. So that, for example, the well known Honeynet Project has been running for several years, with good results. But the bulk of these honeypot efforts has been in unix machines. If you run a network of Microsoft boxes, there is a dearth of comprehensive documentation, until this book came along.

It is written for the Microsoft sysadmin who wants to establish a honeypot that is state of the art. This could be one or more machines on her network. Grimes gives detailed instructions. Most importantly, for the honeyd program. Two chapters are devoted to its installation and running.

But even aside from whether you end up running a honeypot, the book has value. It explains network traffic analysis and various tools that aid in this, such as Snort or Ethereal. With or without a honeypot, you'll need more than a passing acquaintance with traffic analysis, and the book can aid in this.