Honeypots for Windows (The Experts Voice) (Paperback)

~ (Author)
Key Phrases: datagram service, terminal services, terminal server, Exchange Server, Windows Server, Service Pack (more...)

Editorial Reviews

Product Description

...a handy book to keep as a general security reference.</a></p> </blockquote> <p id="quoteAuthor">&#8212; Lou Vega, member, Greater Charleston . ...this looks like it'd be cool as h3ll to really do.</a></p> </blockquote> <p id="quoteAuthor">&#8212; Bill Ryan, Bill's House O Insomnia</p></div>

<p>Installing a honeypot inside your network as an early warning system can significantly improve your security. Currently, almost every book and resource about honeypots comes from a Unix background, which leaves Windows administrators still grasping for help. But <i>Honeypots for Windows</i> is a forensic journey&emdash;helping you set up the physical layer, design your honeypot, and perform malware code analysis.</p>

<p>You'll discover which Windows ports need to be open on your honeypot to fool those malicious hackers, and you'll learn about numerous open source tools imported from the Unix world. Install a honeypot on your DMZ or at home and watch the exploits roll in! Your honeypot will capture waves of automated exploits, and you'll learn how to defend the computer assets under your control. </p>

About the Author

Roger A. Grimes (CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CEH, TICSA, Security+, MCT)&emdash;is a 17-year Windows security consultant, instructor, and author. This is Grimes' third book and he has written over a 150 articles for magazines like <i>Windows IT Pro, Microsoft Certified Professional, InfoWorld, Network Magazine, Windows & .NET,</i> and <i>Security Administrator.</i> He is a contributing editor for <i>Windows & .NET,</i> and <i>InfoWorld</i> magazines.</p>

<p>Grimes has presented at Windows Connections, MCP TechMentors, and SANS. He was recently recognized as Most Valuable Professional (MVP) by Microsoft, for Windows Server 2003 security. Grimes also writes frequently for Microsoft, including material for two courses on advanced Windows security and Technet. He has taught security to many of the world’s largest and most respected organizations, including Microsoft, VeriSign, the U.S. Navy, various universities, and public school systems. Grimes spends his time surrounded by the maddening hum of twelve 1U servers in his home office, monitoring his personal honeypots.</p>

Product Details

• Paperback: 424 pages
• Publisher: Apress; 1 edition (February 14, 2005)
• Language: English
• ISBN-10: 1590593359
• ISBN-13: 978-1590593356
• Product Dimensions: 9.1 x 7 x 1.1 inches
• Shipping Weight: 1.6 pounds (View shipping rates and policies)
• Average Customer Review: 4.8 out of 5 stars  See all reviews (5 customer reviews)
• Amazon.com Sales Rank: #1,062,722 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

7 of 8 people found the following review helpful:

5.0 out of 5 stars Immediate and useful information!, April 13, 2005

By	Christopher G. Williams - See all my reviews (REAL NAME)

Review by Lou Vega of the Greater Charleston .NET User Group

This book provides immediate and useful information whether you have previous experience with Honeypots or hadn't even heard of one until you picked up the book. I would recommend this book to anyone who has ever been interested in network and systems security as it pertains to a Microsoft Windows environment, especially in light of the fact that most previous books and articles with information about Honeypots were geared toward *nix systems.

Those who have no previous experience with Honeypots and would like a background lesson can jump right into Chapters 1 and 2 which should give them a fair basic understanding of what's involved. Those persons who want to get right to work...start browsing between chapters 3 and 8 for hands on information including screenshots and installation/configuration information. Later chapters cover more advanced information concerning the monitoring and analysis of the traffic captured using your Honeypot.

The author doesn't leave you stranded with just setting up a Honeypot either. The chapters on Network Analysis, Honeypot Monitoring and alerting, and Honeypot data analysis give you a chance to begin to make real use of the Honeypot and the data gathered while using it. The walkthroughs for setting these analysis and monitoring tools seem easy enough and the author makes good use of available open source tools out there for those who don't have the budget for some of the commercial applications available.

An added bonus for any networking security person is the wealth of information concerning how to harden a Windows Server, common ports used in malware and numerous configuration demonstrations make this a handy book to keep as a general security reference.

This book will make a fine addition to any IT professional's reference collection.

2 of 2 people found the following review helpful:

5.0 out of 5 stars Must Have for any Windows Administrator, November 21, 2005

By	David Williams "QuikSilver" (Philadelphia, PA) - See all my reviews (REAL NAME)

Before reading Roger's book I was pretty sure I had a solid understanding of Honeypots, how they work, how they should be deployed, etc. I can honestly say that I still learned a lot from this book. Recommended for beginner to advanced user. The examples are great and very specific. Running a honeypot in a windows environment definately benefits many of my clients because they are unsure how to properly secure a *nix machine. This book showed me step-by-step how to set-up a fully functional Windows Honeypot that anyone can administer. Thanks for the great info Mr. Grimes, can't wait to read the next book.

3 of 4 people found the following review helpful:

4.0 out of 5 stars a state of the art honeypot, February 27, 2005

By	W Boudville (Terra, Sol 3) - See all my reviews (TOP 10 REVIEWER)    (REAL NAME)

Grimes has a valid gripe. Honeypots have risen to prominence as an aggressive anti-cracker method. So that, for example, the well known Honeynet Project has been running for several years, with good results. But the bulk of these honeypot efforts has been in unix machines. If you run a network of Microsoft boxes, there is a dearth of comprehensive documentation, until this book came along.

It is written for the Microsoft sysadmin who wants to establish a honeypot that is state of the art. This could be one or more machines on her network. Grimes gives detailed instructions. Most importantly, for the honeyd program. Two chapters are devoted to its installation and running.

But even aside from whether you end up running a honeypot, the book has value. It explains network traffic analysis and various tools that aid in this, such as Snort or Ethereal. With or without a honeypot, you'll need more than a passing acquaintance with traffic analysis, and the book can aid in this.