Title: Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Author(s): Niels Provos & Thorsten Holz
ISBN10: 0-321-33632-1
ISBN13: 978-0-321-33632-1
Publisher: Addison-Wesley
Cost: $49.99
Format: Paperback, 440 pages.
Published: July 16, 2007
This is a concise, step-by-step guide to building virtual honeypots. A honeypot is a decoy server or service deliberately exposed to the Internet so that whoever probes it (automated bots, self-propagating malware, or a human intruder) will find and exploit its apparent weaknesses. Because a honeypot has no production role, any traffic that reaches it is suspicious by definition, which is what makes it useful: it either collects information about the attacks it receives or acts as a trap that captures the intruder's tools and activity and helps trace them back to their origin.
Topics range from full virtual OS instances used to attract malware and intruders, to low-interaction honeypots that emulate a single vulnerable service (rather than offering an entire system to compromise), to prepackaged tools for attracting and trapping malware, bots and hackers.
Virtual Honeypots is divided into 12 chapters, and includes a bibliography and index.
Chapter 1 introduces the networking and honeypot concepts used throughout. Chapter 2 covers high-interaction honeypots: complete, genuinely compromisable systems that an attacker can take over outright. Chapter 3 deals with low-interaction honeypots, which emulate network services such as Apache or Samba just well enough to log what attackers do without exposing a real system. Chapters 4 and 5 focus on honeyd, a low-interaction honeypot framework that can simulate many hosts and their services from a single machine. Chapter 6 deals with collecting malware with honeypots. Chapter 7 looks at hybrid systems such as Collapsar, Potemkin and RolePlayer. Chapter 8 looks at client honeypots. Chapter 9 shows how to detect honeypots (and therefore how attackers might detect yours). Chapters 10 through 12 cover real-life case studies, tracking botnets, and analyzing the malware you collect.
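To make the low-interaction idea from Chapter 3 concrete, here is a minimal HTTP decoy written for this review; it is an added example, not code from the book or its authors, and it is unrelated to honeyd. It emulates just enough of an Apache-like web server to keep scanners talking, records every contact as a JSON event, and tags requests with a few crude indicators useful for triage. The fake Server banner, the indicator lists, the port and the constructed sample probe are all assumptions made for this example.

```python
"""Minimal low-interaction HTTP honeypot (added example, not the book's code)."""
import json
import re
import socketserver
from datetime import datetime, timezone

FAKE_SERVER_BANNER = "Apache/2.2.3 (CentOS)"   # assumed; deliberately looks dated
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/(\d\.\d)\r?\n")

# Every contact with a honeypot is suspicious; these only help sort the noise.
# The indicator patterns and scanner strings are assumptions for this example.
INDICATORS = {
    "path_traversal": re.compile(r"(\.\./|%2e%2e)", re.I),
    "admin_probe": re.compile(r"/(phpmyadmin|wp-login\.php|admin|\.env)", re.I),
    "shell_probe": re.compile(r"(/cgi-bin/|\.php\?cmd=|/shell)", re.I),
}
SCANNER_AGENTS = ("masscan", "nikto", "zgrab", "python-requests", "curl/")

# Constructed sample probe used for the offline check below.
SAMPLE_PROBE = (b"GET /phpmyadmin/../../etc/passwd HTTP/1.1\r\n"
                b"Host: 198.51.100.7\r\nUser-Agent: Nikto/2.1\r\n\r\n")


def parse_request(raw: bytes):
    """Return (method, path, headers) or None if the bytes are not HTTP."""
    m = REQUEST_LINE.match(raw)
    if not m:
        return None
    method = m.group(1).decode()
    path = m.group(2).decode(errors="replace")
    headers = {}
    for line in raw[m.end():].split(b"\n"):
        line = line.strip()
        if not line:          # blank line ends the header block
            break
        if b":" in line:
            k, v = line.split(b":", 1)
            headers[k.strip().decode(errors="replace").lower()] = v.strip().decode(errors="replace")
    return method, path, headers


def classify(path: str, headers: dict) -> list:
    """Tag a request with the indicators it matches (order is stable)."""
    tags = [name for name, rx in INDICATORS.items() if rx.search(path)]
    ua = headers.get("user-agent", "").lower()
    if any(s in ua for s in SCANNER_AGENTS):
        tags.append("scanner_user_agent")
    return tags


def handle_request(raw: bytes, peer: str):
    """Build the decoy response and the log record for one request."""
    ts = datetime.now(timezone.utc).isoformat()
    parsed = parse_request(raw)
    if parsed is None:
        # Non-HTTP bytes (e.g. a TLS ClientHello on the wrong port) are still worth logging.
        record = {"ts": ts, "peer": peer, "kind": "non_http", "tags": ["non_http"],
                  "raw_prefix": raw[:64].hex()}
        status, body = "400 Bad Request", b"<html><head><title>400 Bad Request</title></head></html>"
    else:
        method, path, headers = parsed
        record = {"ts": ts, "peer": peer, "kind": "http", "method": method, "path": path,
                  "user_agent": headers.get("user-agent", ""), "tags": classify(path, headers)}
        status, body = "200 OK", b"<html><body><h1>It works!</h1></body></html>"
    head = (f"HTTP/1.1 {status}\r\nServer: {FAKE_SERVER_BANNER}\r\nContent-Type: text/html\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
    return head.encode() + body, record


class HoneypotHandler(socketserver.BaseRequestHandler):
    def handle(self):
        raw = self.request.recv(4096)
        response, record = handle_request(raw, self.client_address[0])
        self.request.sendall(response)
        print(json.dumps(record))   # one JSON line per contact, for later analysis


if __name__ == "__main__":
    # Run only on a dedicated, isolated host; the port is an assumed choice.
    with socketserver.TCPServer(("0.0.0.0", 8080), HoneypotHandler) as srv:
        srv.serve_forever()
```

The decoy never executes anything an attacker sends; it answers every request with the same static page, which is exactly the trade-off of a low-interaction honeypot: little to compromise, but also little to learn beyond the first few packets of each attack. Pipe the JSON lines into whatever log analysis you already use.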
Virtual Honeypots opens in the preface with a timeline of an actual attack on a honeypot, in which a remote user breaks into a virtual machine, downloads several scanning and password-guessing tools, and begins scanning other networks, downloading a movie along the way.
From there the book is full of step-by-step, practical information for setting up just about any type of honeypot or honeynet (a network of honeypots, in this case virtual ones emulating different server or client installations). It also serves as a field guide for analyzing the data a honeypot collects. Beyond setting traps and studying attacker behavior, it teaches you to follow an intruder's tracks on your own systems and to use what you learn to prevent further intrusions on production machines.
Another extremely useful topic is actively seeking out malicious websites. A client honeypot turns the model around: instead of waiting to be attacked, a virtual client installation (typically an instrumented browser) is driven to visit web pages, and any page that tries to compromise the client is recorded so that you can take appropriate action.
Virtual Honeypots is an authoritative guide to gathering intelligence on, analyzing, and deterring many kinds of online threats, from simple malware outbreaks to determined and skilled attackers. It can guide you through watching, catching and stopping them all.
April 6th, 2009 at 11:40 am
I am getting really fed up with spyware and stuff like viruses. There doesn't seem to be a regulatory body that can find these people and prosecute them for the waste of man-years. The site I link to is a good starter for free internet security to defend yourself with. Basically, Firefox, a free virus checker, Spybot and Spywareblaster coupled with a good firewall policy will stop most rubbish before you notice it on your machine. Stopping attacks on a website is where I would need help.