Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

Know Your Enemy: Learning about Security Threats (2nd Edition) 2nd Edition

4.8 out of 5 stars 9 customer reviews
ISBN-13: 078-5342166460
ISBN-10: 0321166469
Why is ISBN important?
This bar-code number lets you verify that you're getting exactly the right version or edition of a book. The 13-digit and 10-digit formats both work.
Scan an ISBN with your phone
Use the Amazon App to scan ISBNs and compare prices.
Have one to sell? Sell on Amazon
Rent On clicking this link, a new layer will be open
$17.28 On clicking this link, a new layer will be open
Buy used On clicking this link, a new layer will be open
$21.99 On clicking this link, a new layer will be open
Buy new On clicking this link, a new layer will be open
$43.20 On clicking this link, a new layer will be open
More Buying Choices
18 New from $29.83 31 Used from $1.81
Free Two-Day Shipping for College Students with Prime Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student

The Amazon Book Review
The Amazon Book Review
Author interviews, book reviews, editors picks, and more. Read it now
$43.20 FREE Shipping. Only 6 left in stock (more on the way). Ships from and sold by Amazon.com. Gift-wrap available.
click to open popover

Frequently Bought Together

  • Know Your Enemy: Learning about Security Threats (2nd Edition)
  • +
  • Honeypots: Tracking Hackers
  • +
  • Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Total price: $119.86
Buy the selected items together

Editorial Reviews

From the Back Cover

"The Honeynet guys have always been fighting the good fight: messing with the hackers' heads, learning what they're doing, collecting their tools and tricks, and sharing the knowledge with the rest of the good guys. It's one thing to sit around and try to guess what the hackers are up to, but the Honeynet Project just rolled up their sleeves and went on the offensive in their own unique way. Never before has being a victim been so cool! This book is a great resource for the serious information security professional and the beginning practitioner alike."
--Marcus J. Ranum, Senior Scientist, TrueSecure Corp.

"The Honeynet Project is one of the best sources, if not the best source, for information about current techniques and trends in the blackhat community. They are also how-to experts in setting up and gathering information--safely--about these attackers. The Honeynet Project's ability and willingness to share cutting-edge information is an immeasurable benefit to the security community."
--Jennifer Kolde, security consultant, author, and instructor

"Know Your Enemy contains an incredible wealth of information, including legal and sociological topics, that set it apart from other security books. The scope of this book is broad, and while no one book can teach people everything they need to know on such a topic, this one covers the subject better than any other source I know. Know Your Enemy will help security professionals with specific technical information, and it will help more general readers better understand a topic they need to learn about."
--William Robinson, former security training program manager at Sun Microsystems, curriculum coordinator for Fire Protection Publications.

"This book will be an extremely useful tool in helping a network security administrator or professional assemble the technical tools needed to build, maintain, analyze, and learn from a honeynet within their organization. Each technical chapter goes into great detail on commands, log formats, configuration files, network design, etc. As a professional working with many of these technologies on a daily basis, it is exciting to see all of this information in one place. The knowledge and experience of the authors in working with and developing honeynets has grown noticeably since the first book was published. This is a very positive revision."
--Sean Brown, IT Director, Applied Geographics, Inc.

"With the drastic increase in the number of attacks, it is important to have more people within the security industry studying attacks and attackers' motives and sharing their results with the community. This book begins by teaching users whether they should install a honeypot, and then gives details and information about honeypots and how they can deploy them."
--Kirby Kuehl, Cisco Systems

"Know Your Enemy reveals truths about the blackhat community and shows readers how to fight off attacks. The authors contribute their own experiences and offer the curious reader a rainbow of ideas."
--Laurent Oudot, security engineer, CEA

"The Honeynet Project has been blazing a trail and providing a hard dose of reality that computer security needs. Get behind the fantasy and learn what the hackers are really doing. This is great cutting-edge stuff!"
--Marcus J. Ranum, senior scientist, TruSecure Corp.

For centuries, military organizations have relied on scouts to gather intelligence about the enemy. In the field of information security, few scouts have ever existed. Very few organizations today know who their enemies are, how they might attack, when they might attack, and, perhaps most important, why they attack.

If the blackhat community is the enemy, then the Honeynet Project is a most valuable ally. In this completely revised and greatly expanded follow-up to their groundbreaking book, Know Your Enemy, members of the Honeynet Project, the Alliance, and the community (including Lance Spitzner, Brian Carrier, Anton Chuvakin, Eric Cole, Yannis Corovesis, Max Kilger, and Rob Lee) provide an unrivaled "intelligence report" on those who use the Internet for destructive purposes. They also provide an in-depth guide to honeynets--high-interaction honeypots designed to capture extensive information on exactly how your enemies operate so you can protect your systems from them.

Inside, you'll find extensive information on:

  • How to plan, build, and maintain first- and second-generation, virtual, and distributed honeynets.
  • How to capture and analyze data through a honeynet, including the latest on reverse engineering and forensics for Windows, UNIX, and networks.
  • Understanding the enemy, including real examples of incidents and compromised systems, types of attacks, and profiling.

Aimed at security professionals, but containing much information that is relevant for those with less technical backgrounds, this book teaches the technical skills needed to study and learn from a blackhat attack.

About the Author

The Honeynet Project is a nonprofit security research organization made up of volunteers. These volunteers are dedicated to learning the tools, tactics, and motives of the blackhat community and sharing lessons learned. The Honeynet Project has 30 members, and works with various other organizations through The Honeynet Research Alliance.


The latest book club pick from Oprah
"The Underground Railroad" by Colson Whitehead is a magnificent novel chronicling a young slave's adventures as she makes a desperate bid for freedom in the antebellum South. See more

Product Details

  • Paperback: 800 pages
  • Publisher: Addison-Wesley Professional; 2 edition (May 27, 2004)
  • Language: English
  • ISBN-10: 0321166469
  • ISBN-13: 978-0321166463
  • Product Dimensions: 6.8 x 1.6 x 9 inches
  • Shipping Weight: 2.6 pounds (View shipping rates and policies)
  • Average Customer Review: 4.8 out of 5 stars  See all reviews (9 customer reviews)
  • Amazon Best Sellers Rank: #1,329,184 in Books (See Top 100 in Books)

Customer Reviews

5 star
4 star
3 star
2 star
1 star
See all 9 customer reviews
Share your thoughts with other customers

Top Customer Reviews

One of most exciting areas to emerge in information security has been in the area of honeynets. These are networks designed to be compromised and capture all of the tools and activity of attackers
The Honeynet Project is a volunteer organization dedicated to researching and learning cyber-threats, and sharing our lessons learned. The project is made up of 30 security professionals around the world. They learn about cyber-threats by deploying networks around the world to be compromised. Once compromised, they capture all of the attacker's tools and activity, analyze, and learn from that. The value to this research is there is very little theory involved, they are capturing and seeing what is happening in the Internet today.
Very neat!
A honeynet is the primary tool used to capture attacker's activity. It is a type of honeypot, specifically a high-interaction honeypot. As a honeypot, honeynets work on the concept that they should not see any activity, no one has authorization to interact with them. As a result, any inbound or outbound connections to the honeynet is most likely unauthorized activity. This simple concept makes it highly effective in detecting and capturing both known and unknown activity. Honeynets work as a highly controlled network made up of real systems and applications for attackers to probe and compromise.
The book is about honeynets, how to use them, and what you can learn. The book is broken into three parts. The first part is focused on what honeynets are, how they work, the different types, and technical details on how you can deploy them safely. The second part focuses on how to analyze all the different data a honeynet can collect (network and host based forensics, reverse engineering, centralized data correlation, etc).
Read more ›
Comment 5 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Most of the time, your only close-up view of a computer attack is trying to sort out how someone compromised your production system. But there is a way to get hands-on experience with attack analysis, and Know Your Enemy - Learning About Security Threats by The Honeynet Project (Addison-Wesley) shows you how.

The chapter breakout: The Beginning; Honeypots; Honeynets; Gen1 Honeynets; Gen2 Honeynets; Virtual Honeynets; Distributed Honeynets; Legal Issues; The Digital Crime Scene; Network Forensics; Computer Forensics Basics; UNIX Computer Forensics; Windows Computer Forensics; Reverse Engineering; Centralized Data Collection and Analysis; Profiling; Attacks and Exploits: Lessons Learned; Windows 2000 Compromise and Analysis; Linux Compromise; Example of Solaris Compromise; The Future; IPTables Firewall Script; Snort Configuration; Swatch Configuration; Network Configuration Summary; Honeywall Kernel Configuration; Gen2 rc.firewall Configuration; Resources and References; About The Authors; Index

If you're not familiar with the concept, a honeypot is a computer set up to gain the attention of network intruders. The concept is that the intruder will spend time with that box and leave the rest of the network alone. A honeynet is the same thing but only at a network level. The authors of this book are experts at setting up these kind of systems in order to see how attackers work and discover new exploits before they are used against actual production systems. They take you through all the different parts of the process; how to set up a honeypot/honeynet, how to analyze an attack, what legal considerations have to be kept in mind, and examples of exploits that actually were recorded and analyzed.
Read more ›
Comment 6 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Verified Purchase
The Honeynet Project is a nonprofit security research organization made up of about 30 volunteers, that was set up to learn the tools and techniques that blackhats use, and then share the information that was learned. This book is divided into three parts with the first part covering what honeynets are, some history and various iterations of honeynets. Part II is dedicated to analysis and forensics, and I found the Network Forensics chapter gave very thorough coverage to the subject. Chapter 14 Reverse Engineering was also very good. Part III begins with a profile of "The Enemy" in Chapter 16 Profiling, which was outstanding and provides some very good insights into the mind of malicious actors. I would have liked a chapter on Apple's OS X or iOS in this section, as only Windows, Solaris and Linux Compromise and Analysis are covered. Overall it was well worth the purchase price, and I would highly recommend picking it up.
Comment One person found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
The Honeynet Project grew out of an informal group of computer experts who decided to take an active role in tracking breakins to computers. Existing countermeasures, like firewalls, and frequent patches of discovered firmware bugs, were fundamentally defensive. And did not actively try to understand the capabilities and intentions of the crackers/intruders/blackhats.

This second edition describes what they term Gen 2 Honeynets. These are more sophisticated than Gen 1 networks of honeypots, where a honeypot is a computer expressly deployed for blackhats to intrude upon. The book delves in some length on how to construct a honeypot and a honeynet. Various configurations are possible. A honeypot could mimic a Microsoft computer or a Solaris or linux machine. There is more emphasis on the actual machine being linux, because of the open source nature, which has led to tools like Snort, Ethereal and Sebeb being available. Indeed, Snort-Inline and Sebek were developed by this project.

Lots of craft keyboard sniffing (Sebek) and network sniffing (Ethereal). Plus, variant arrangements like having one computer pretend to be several honeypots are described. Or another, where a honeynet might be physically distant from the production net, but linked to it via a VPN.

All this is scarcely the last word. The blackhats will certainly devour this book to concoct their next generation techniques. You can safely predict an eventual third edition of this book.
Comment One person found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse

Set up an Amazon Giveaway

Know Your Enemy: Learning about Security Threats (2nd Edition)
Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more about Amazon Giveaway
This item: Know Your Enemy: Learning about Security Threats (2nd Edition)