Authors: Niels Provos, Thorsten Holz
Publication date: July 26, 2007
Publisher: Addison Wesley
Pages: 440
ISBN: ISBN-10: 0321336321 ISBN-13: 978-0321336323
File format: CHM
Praise for Virtual Honeypots
“A power-packed resource of technical, insightful information that unveils the world of honeypots in front of the reader’s eyes.”
—Lenny Zeltser, Information Security Practice Leader at Gemini Systems
“This is one of the must-read security books of the year.”
—Cyrus Peikari, CEO, Airscanner Mobile Security, author, security warrior
“This book clearly ranks as one of the most authoritative in the field of honeypots. It is comprehensive and well written. The authors provide us with an insider’s look at virtual honeypots and even help us in setting up and understanding an otherwise very complex technology.”
—Stefan Kelm, Secorvo Security Consulting
“Virtual Honeypots is the best reference for honeypots today. Security experts Niels Provos and Thorsten Holz cover a large breadth of cutting-edge topics, from low-interaction honeypots to botnets and malware. If you want to learn about the latest types of honeypots, how they work, and what they can do for you, this is the resource you need.”
—Lance Spitzner, Founder, Honeynet Project
“Whether gathering intelligence for research and defense, quarantining malware outbreaks within the enterprise, or tending hacker ant farms at home for fun, you’ll find many practical techniques in the black art of deception detailed in this book. Honeypot magic revealed!”
—Doug Song, Chief Security Architect, Arbor Networks
“Seeking the safest paths through the unknown sunny islands called honeypots? Trying to avoid greedy pirates catching treasures deeper and deeper beyond your ports? With this book, any reader will definitely get the right map to handle current cyber-threats.
Designed by two famous white hats, Niels Provos and Thorsten Holz, it carefully teaches everything from the concepts to practical real-life examples with virtual honeypots. The main strength of this book relies in how it covers so many uses of honeypots: improving intrusion detection systems, slowing down and following incoming attackers, catching and analyzing 0-days or malwares or botnets, and so on.
Sailing the high seas of our cyber-society or surfing the Net, from students to experts, it’s a must-read for people really aware of computer security, who would like to fight against black-hats flags with advanced modern tools like honeypots.”
—Laurent Oudot, Computer Security Expert, CEA
“Provos and Holz have written the book that the bad guys don’t want you to read. This detailed and comprehensive look at honeypots provides step-by-step instructions on tripping up attackers and learning their tricks while lulling them into a false sense of security. Whether you are a practitioner, an educator, or a student, this book has a tremendous amount to offer. The underlying theory of honeypots is covered, but the majority of the text is a ‘how-to’ guide on setting up honeypots, configuring them, and getting the most out of these traps, while keeping actual systems safe. Not since the invention of the firewall has a tool as useful as this provided security specialists with an edge in the never-ending arms race to secure computer systems. Virtual Honeypots is a must-read and belongs on the bookshelf of anyone who is serious about security.”
—Aviel D. Rubin, Ph.D., Computer Science Professor and Technical Director of the Information Security Institute at Johns Hopkins University, and President and Founder, Independent Security Evaluators
“An awesome coverage of modern honeypot technologies, both conceptual and practical.”
—Anton Chuvakin
“Honeypots have grown from simple geek tools to key components in research and threat monitoring at major enterprises and security vendors. Thorsten and Niels' comprehensive coverage of tools and techniques takes you behind the scene with real-world examples of deployment, data acquisition, and analysis.”
—Nicolas Fischbach, Senior Manager, Network Engineering Security, COLT Telecom, and Founder of Sécurité.Org
Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive. Now, there’s a breakthrough solution. Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system, making them easier and cheaper to build, deploy, and maintain.
In this hands-on, highly accessible book, two leading honeypot pioneers systematically introduce virtual honeypot technology. One step at a time, you’ll learn exactly how to implement, configure, use, and maintain virtual honeypots in your own environment, even if you’ve never deployed a honeypot before.
You’ll learn through examples, including Honeyd, the acclaimed virtual honeypot created by coauthor Niels Provos. The authors also present multiple real-world applications for virtual honeypots, including network decoy, worm detection, spam prevention, and network simulation.
After reading this book, you will be able to
* Compare high-interaction honeypots that provide real systems and services and the low-interaction honeypots that emulate them
* Install and configure Honeyd to simulate multiple operating systems, services, and network environments
* Use virtual honeypots to capture worms, bots, and other malware
* Create high-performance “hybrid” honeypots that draw on technologies from both low- and high-interaction honeypots
* Implement client honeypots that actively seek out dangerous Internet locations
* Understand how attackers identify and circumvent honeypots
* Analyze the botnets your honeypot identifies, and the malware it captures
* Preview the future evolution of both virtual and physical honeypots
About the Author
Niels Provos received a Ph.D. from the University of Michigan in 2003, where he studied experimental and theoretical aspects of computer and network security. He is one of the OpenSSH creators and known for his security work on OpenBSD. He developed Honeyd, a popular open source honeypot platform; SpyBye, a client honeypot that helps web masters to detect malware on their web pages; and many other tools such as Systrace and Stegdetect. He is a member of the Honeynet Project and an active contributor to open source projects. Provos is currently employed as senior staff engineer at Google, Inc.
Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems at the University of Mannheim, Germany. He is one of the founders of the German Honeynet Project and a member of the Steering Committee of the Honeynet Research Alliance. His research interests include the practical aspects of secure systems, but he is also interested in more theoretical considerations of dependable systems. Currently, his work concentrates on bots/botnets, client honeypots, and malware in general. He regularly blogs at http://honeyblog.org.