• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Book Review - Honeypots : Tracking Hackers

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> News // Columns // Articles

View previous topic :: View next topic  
Author Message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Tue Oct 14, 2003 9:00 pm    Post subject: Book Review - Honeypots : Tracking Hackers Reply with quote

Honeypots : Tracking Hackers

Author: Lance Spitzner
Website: http://www.tracking-hackers.com/
Publisher: Pearson/Addison Wesley
Book Specifications: Soft-Cover, 452 Pages with CD
Category: Honeypots
User Level: Prior knowledge of Linux/Windows and network/basic hacking techniques useful
Suggested Publisher Price: $44.99 USA/ $66.99 CAN/ £34.99 Net UK (inc of VAT)
ISBN: 0-321-10895-7
Amazon.com: Honeypots : Tracking Hackers



Info from Back: "Honeypots are unique technological systems specifically designed to be probed, attacked, or compromised by an online attacker. Honeypots: Tracking Hackers is the ultimate guide to this rapidly growing, cutting-edge technology. The book starts with a basic examination of honeypots and the different roles they can play, and then moves on to in-depth explorations of six specific kinds of real-world honeypots: BackOfficer Friendly, Specter, Honeyd, Homemade honeypots, ManTrap and Honeynets."

Introduction

I have been following the evolution of honey pots for quite some time especially the legalities dealing with entrapment and wiretapping. It's a fascinating area and one that requires a fair amount of time and effort to make worthwhile. Ideas on such technologies have existed since the 80's but it's only really been in the last few years that a lot of energy has been put into the research and development of usable, deployable honeypot solutions.

I have a little experience with Honeypots, more specifically hacking type challenges which are Honeypots in a manner, but are more controlled and not for the same purpose. They are to be hacked to educate the user rather than educate the security pro's, this book portrays things from the other side of the table and introduced some products that I wasn't aware of.

This book is an extremely narrow area, nevertheless this is an area I believe all security professionals should be comfortable and competant with especially as Honeypots become more prevalent. To give an example NIDS (Network Intrusion Detection Systems) such as snort were still a thing of mere theory just a few short years ago. Honeypots is definately an area to watch and at present this is the only book that covers the area.

Contents

The book is split into 16 chapters with no subsections but I will attempt to classify them broadly as such:
  • Introduction to and Explanation of Honeypots [Ch.1-5]
  • Actual Honeypots and how to use them (Spectre, ManTrap etc.) [Ch.6-11]
  • What to do with your Honeypot (Implementation/Maintenance etc) [Ch.12-14]
  • Other (Legalities, The future of Honeypots) [Ch.14-16]
There is a foreword by Marcus J. Ranum a wellknown name in the Computer Security world. Following this there is a preface containing an anecdote on how Lance got into Honeypots, the intended audience for the book, details of the CD-ROM/Website, conventions used in the book, about Lance and a HUGE acknowledgements section.

Outline of chapters
  • The Threat: Tools, Tactics and Motives of Attackers
  • History & Definition of Honeypots
  • The Value of Honeypots
  • Classifying Honeypots by Level of Interaction
  • Implementing your Honeypot
  • Maintaining your Honeypot
  • Putting it all Together
  • Legal Issues
  • Future of Honeypots
This is not a complete chapter list, a full Table of Contents can be found at the books website (http://www.tracking-hackers.com/book/) HERE.

You can find a sample chapter here: http://www.tracking-hackers.com/book/chp-04.pdf

Each chapter tends to begin with a reference to the last and at the end of each chapter there is a brief summary and a list of online references used throughout that chapter. There are various diagrams and screen shots from the various honeypots along with packet dumps and snippets from logs that are relevant to the chapter.

Small tables are used to consolidate information in an easy to read format, the only downfall I found was the info in the tables was exactly the same info that was in the chapter so it was repeated. The Appendixes are very complete including full ASCII scan dumps, a SNORT config file, a complete list of IP protocols and a couple of other things. A CD accompanies the book and contains all the software mentioned in the book, all the challenge/scan of the months dumps and a lot of relevant papers/texts. There is a nice HTML menu that shows the resources as they are related to in the book

Style and Detail

The main thing that comes through in this book is Lances passion for the subject of Honeypots, the guy is REALLY into them. The book is very nicely laid out, easy to read and clear with good conventions and simple diagrams where required.

There are some screenshots where they probably aren't required but it does have the effect of breaking up the text a little

The index is thorough and as mentioned above the appendixes are very complete, but as the information is available on the CD I feel rather redundant.

The book has a good flow and is linked well together, the start of each chapter mentions the previous chapter and references are made througout the chapters to previous sections.

Conclusion

As mentioned above this book covers only a very narrow area, this is not to it's detriment, but don't except this book to be about anything other than Honeypots, because it's not!

Overall this an excellent book, I would say however though it allready seems a little dated, I realise I am reviewing it just over a year after it was published but things are moving that fast in the world of Honeypots. For example ManTrap no longer exists as such. http://www.recourse.com points to Symantec and the product is now known as ManHunt. I was holding out for a second edition but I guess that will come in another 6-12 months or so when some major things have changed.

The only other thing I noticed was there was a fair amount of repetition in the text, at one point I found myself shouting at the book "YES I KNOW MANTRAP IS A HIGH INTERACTION HONEYPOT!". Perhaps this book is trying too much to be a 'big' book when in fact the material is only enough for a medium sized book, this was reinforced when I looked over the verbose Appendixes.

Other than these 2 little niggles (which are easily fixed with a good editor and a little updating) there is nothing else I can find wrong with the book.

To conclude this book is extremely informative, on the whole well written, nicely laid out and enjoyable to read.

All in all I recommend this book.

I give it a solid SFDC 7/10



This review is copyright 2003 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.


Last edited by ShaolinTiger on Sun Jan 18, 2004 11:20 pm; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
Dunceor
Just Arrived
Just Arrived


Joined: 05 Sep 2003
Posts: 4
Location: Sweden

Offline

PostPosted: Wed Oct 15, 2003 12:49 pm    Post subject: Reply with quote

sounds like a great book...

I need to invest in some honeypot books and this looks like one of the first to get Smile

Great review ST Smile
Back to top
View user's profile Send private message Visit poster's website
kohai
Just Arrived
Just Arrived


Joined: 27 Aug 2003
Posts: 2
Location: New Brunswick - Canada

Offline

PostPosted: Wed Oct 15, 2003 2:35 pm    Post subject: Reply with quote

Does this book tell you how to attack your honey pot or just sit back and wait for people to attack it???
Back to top
View user's profile Send private message MSN Messenger
Deep Viewer
Just Arrived
Just Arrived


Joined: 30 Nov 2003
Posts: 1
Location: Europe

Offline

PostPosted: Sun Nov 30, 2003 11:47 pm    Post subject: Reply with quote

Honeypots Papers: (Know your enemy)

The KYE series of whitepapers has two purposes. The first purpose is to share the information the Honeynet Project has learned on blackhats. Most of this information is on common threats, individuals or automated tools targeting large numbers of systems using known methods or tools. The second purpose of our papers is to share the tools and techniques in how that information was obtained and analyzed. Papers no longer actively maintained are indicated as such in the descriptions below----> http://honeynet.startx.fr/papers
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> News // Columns // Articles All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register