Know Your Enemy - The Honeynet Project

Know Your Enemy

Revealing the Security Tools, Tactics, and Motives of the Blackhat Community
Media combination
352 pages
2001
Addison Wesley
978-0-201-74613-6 (ISBN)
49,95 incl. VAT
A later edition of this title exists.
This title shares the lessons of the two-year Honeynet Project, in which leading security professionals built networks designed to be compromised -- and learned everything possible from the "blackhat" hackers who took the bait: their tools, their tactics, and their motives.
This book shares the lessons of the Honeynet Project, in which leading security professionals built networks designed to be compromised. From this they learned everything possible from the "blackhat" hackers who took the bait: their tools, their tactics, and their motives. The insights in this book will go a long way towards helping security professionals protect their networks against real attacks. If that's not enough, the book shows you how to build your own honeynet, learning even more about today's most significant exploits -- and tomorrow's. Lance Spitzner, leader of The Honeynet Project, begins by introducing honeynets and honeypots (the parts that make up the honeynet network), explaining how they work, and showing how to build one. Next, Know Your Enemy focuses on an in-depth analysis of attacks, including detailed analyses of compromised systems, and techniques for containing blackhat hackers while you gather evidence and work to identify them. Part III takes you into the minds of the blackhat hackers, focusing on the evidence left by actual attacks -- not theory or speculation.
For all computer security specialists, and network and system administrators concerned with intrusion detection and security.

The Honeynet Project is a nonprofit security research organization made up of volunteers. These volunteers are dedicated to learning the tools, tactics, and motives of the blackhat community and sharing lessons learned. The Honeynet Project has 30 members, and works with various other organizations through The Honeynet Research Alliance.

Preface.
Foreword.

1. The Battleground.

I: THE HONEYNET.

2. What a Honeynet Is.
  • Honeypots.
  • Honeynets.
  • Value of a Honeynet.
  • The Honeypots in the Honeynet.
  • Summary.

3. How a Honeynet Works.
  • Data Control.
  • Data Capture.
  • Access Control Layer.
  • Network Layer.
  • System Layer.
  • Off-Line Layer.
  • Social Engineering.
  • Risk.
  • Summary.

4. Building a Honeynet.
  • Overall Architecture.
  • Data Control.
  • Data Capture.
  • Maintaining a Honeynet and Reacting to Attacks.
  • Summary.

II: THE ANALYSIS.

5. Data Analysis.
  • Firewall Logs.
  • IDS Analysis.
  • System Logs.
  • Summary.

6. Analyzing a Compromised System.
  • The Attack.
  • The Probe.
  • The Exploit.
  • Gaining Access.
  • The Return.
  • Analysis Review.
  • Summary.

7. Advanced Data Analysis.
  • Passive Fingerprinting.
  • The Signatures.
  • The ICMP Example.
  • Forensics.
  • Summary.

8. Forensic Challenge.
  • Images.
  • The Coroner's Toolkit.
  • MAC Times.
  • Deleted Inodes.
  • Data Recovery.
  • Summary.

III: THE ENEMY.

9. The Enemy.
  • The Threat.
  • The Tactics.
  • The Tools.
  • The Motives.
  • Changing Trends.
  • Summary.

10. Worms at War.
  • The Setup.
  • The First Worm.
  • The Second Worm.
  • The Day After.
  • Summary.

11. In Their Own Words.
  • The Compromise.
  • Reading the IRC Chat Sessions.
  • Day 1, June 4.
  • Day 2, June 5.
  • Day 3, June 6.
  • Day 4, June 7.
  • Day 5, June 8.
  • Day 6, June 9.
  • Day 7, June 10.
  • Analyzing the IRC Chat Sessions.
  • Profiling Review.
  • Psychological Review.
  • Summary.

12. The Future of the Honeynet.
  • Future Developments.
  • Conclusion.

Appendix A. Snort Configuration.
  • Snort Start-Up Script.
  • Snort Configuration File, snort.conf.

Appendix B. Swatch Configuration File.
Appendix C. Named NXT HOWTO.
Appendix D. NetBIOS Scans.
Appendix E. Source Code for bj.c.
Appendix F. TCP Passive Fingerprint Database.
Appendix G. ICMP Passive Fingerprint Database.
Appendix H. Honeynet Project Members.
Index.

Publication date (per publisher): 25.9.2001
Place of publication: Boston
Language: English
Weight: 732 g
Subject area: Computer Science, Networks, Security / Firewall
ISBN-10: 0-201-74613-1 / 0201746131
ISBN-13: 978-0-201-74613-6 / 9780201746136
Condition: New