Posted: Tue Oct 14, 2003 9:00 pm Post subject: Book Review - Honeypots : Tracking Hackers
Honeypots : Tracking Hackers
Author: Lance Spitzner
Publisher: Pearson/Addison Wesley
Book Specifications: Soft-Cover, 452 Pages with CD
User Level: Prior knowledge of Linux/Windows and network/basic hacking techniques useful
Suggested Publisher Price: $44.99 USA/ $66.99 CAN/ £34.99 Net UK (inc of VAT)
Amazon.com: Honeypots : Tracking Hackers
Info from Back: "Honeypots are unique technological systems specifically designed to be probed, attacked, or compromised by an online attacker. Honeypots: Tracking Hackers is the ultimate guide to this rapidly growing, cutting-edge technology. The book starts with a basic examination of honeypots and the different roles they can play, and then moves on to in-depth explorations of six specific kinds of real-world honeypots: BackOfficer Friendly, Specter, Honeyd, Homemade honeypots, ManTrap and Honeynets."
I have been following the evolution of honeypots for quite some time, especially the legalities dealing with entrapment and wiretapping. It's a fascinating area and one that requires a fair amount of time and effort to make worthwhile. Ideas on such technologies have existed since the 80s, but it's only really been in the last few years that a lot of energy has been put into the research and development of usable, deployable honeypot solutions.
I have a little experience with honeypots, more specifically hacking-type challenges, which are honeypots in a manner but are more controlled and not for the same purpose. They are to be hacked to educate the user rather than to educate the security pros; this book portrays things from the other side of the table and introduced some products that I wasn't aware of.
This book covers an extremely narrow area; nevertheless, it is an area I believe all security professionals should be comfortable and competent with, especially as honeypots become more prevalent. To give an example, NIDS (Network Intrusion Detection Systems) such as Snort were still a thing of mere theory just a few short years ago. Honeypots are definitely an area to watch, and at present this is the only book that covers the area.
The book is split into 16 chapters with no subsections, but I will attempt to classify them broadly as such:
There is a foreword by Marcus J. Ranum, a well-known name in the computer security world. Following this there is a preface containing an anecdote on how Lance got into honeypots, the intended audience for the book, details of the CD-ROM/website, conventions used in the book, about Lance and a HUGE acknowledgements section.
- Introduction to and Explanation of Honeypots [Ch.1-5]
- Actual Honeypots and how to use them (Specter, ManTrap etc.) [Ch.6-11]
- What to do with your Honeypot (Implementation/Maintenance etc) [Ch.12-14]
- Other (Legalities, The future of Honeypots) [Ch.14-16]
Outline of chapters
This is not a complete chapter list; a full Table of Contents can be found at the book's website (http://www.tracking-hackers.com/book/).
- The Threat: Tools, Tactics and Motives of Attackers
- History & Definition of Honeypots
- The Value of Honeypots
- Classifying Honeypots by Level of Interaction
- Implementing your Honeypot
- Maintaining your Honeypot
- Putting it all Together
- Legal Issues
- Future of Honeypots
You can find a sample chapter here: http://www.tracking-hackers.com/book/chp-04.pdf
Each chapter tends to begin with a reference to the last, and at the end of each chapter there is a brief summary and a list of online references used throughout that chapter. There are various diagrams and screenshots from the various honeypots, along with packet dumps and snippets from logs that are relevant to the chapter.
Small tables are used to consolidate information in an easy-to-read format; the only downfall I found was that the info in the tables was exactly the same info that was in the chapter, so it was repeated. The appendixes are very complete, including full ASCII scan dumps, a Snort config file, a complete list of IP protocols and a couple of other things. A CD accompanies the book and contains all the software mentioned in the book, all the Challenge/Scan of the Month dumps and a lot of relevant papers/texts. There is a nice HTML menu that shows the resources as they are referred to in the book.
Style and Detail
The main thing that comes through in this book is Lance's passion for the subject of honeypots; the guy is REALLY into them. The book is very nicely laid out, easy to read and clear, with good conventions and simple diagrams where required.
There are some screenshots where they probably aren't required, but they do have the effect of breaking up the text a little.
The index is thorough and, as mentioned above, the appendixes are very complete, but as the information is available on the CD I feel they are rather redundant.
The book has a good flow and is linked well together; the start of each chapter mentions the previous chapter, and references are made throughout the chapters to previous sections.
As mentioned above, this book covers only a very narrow area. This is not to its detriment, but don't expect this book to be about anything other than honeypots, because it's not!
Overall this is an excellent book. I would say, however, that it already seems a little dated; I realise I am reviewing it just over a year after it was published, but things are moving that fast in the world of honeypots. For example, ManTrap no longer exists as such: http://www.recourse.com points to Symantec and the product is now known as ManHunt. I was holding out for a second edition, but I guess that will come in another 6-12 months or so when some major things have changed.
The only other thing I noticed was that there was a fair amount of repetition in the text; at one point I found myself shouting at the book "YES I KNOW MANTRAP IS A HIGH INTERACTION HONEYPOT!". Perhaps this book is trying too hard to be a 'big' book when in fact the material is only enough for a medium-sized book; this was reinforced when I looked over the verbose appendixes.
Other than these two little niggles (which are easily fixed with a good editor and a little updating) there is nothing else I can find wrong with the book.
To conclude, this book is extremely informative, on the whole well written, nicely laid out and enjoyable to read.
All in all I recommend this book.
I give it a solid SFDC 7/10
This review is copyright 2003 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
Last edited by ShaolinTiger on Sun Jan 18, 2004 11:20 pm; edited 1 time in total