Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > REVIEW: "Know Your Enemy", Honeynet Project

Thread Tools

REVIEW: "Know Your Enemy", Honeynet Project

Rob Slade, doting grandpa of Ryan and Trevor
Posts: n/a

"Know Your Enemy", Honeynet Project, 2004, 0-321-16646-9,
%A Honeynet Project Removed) www.honeynet.orb/book/
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2002
%G 0-321-16646-9
%I Addison-Wesley Publishing Co.
%O U$49.99/C$71.99 416-447-5101 fax: 416-443-0948
%P 768 p. + CD-ROM
%T "Know Your Enemy, Second Edition: Learning About Security

The first edition of "Know Your Enemy" was a lot of fun, and it also
contained some valuable advice if you were brand new to the idea of a
honeypot, and wanted to get started quickly. This second edition has
taken advantage of another couple of years in the development of
honeypots and honeynets, and provides guidance on a new generation of
the technology. More than that, it promises, and mostly provides,
more detailed information on the analytical aspects of honeynet
operation, including the all-too-often neglected topic of network
forensics. The page count has more than doubled.

I have frequently said that any book with "hack," or any variant
thereof, in the title is automatically suspect. This work helps prove
my point, first, because the Honeynet Project members have not used
the term (they refer to attackers as blackhats), and the text also
notes the problems with "exploit" type books: they list old and known
attacks, most of which are protected against, and say nothing about
the attackers and how they work.

Part one describes the honeynet. Chapter one points out the value of
"knowing the enemy" and the history of the Honeynet Project. Chapter
two explains what a honeypot is, leading to details on how a honeynet
works, in terms of architecture, policies, and the risks and
responsibilities of operating one, in chapter three. Building a first
generation honeynet, in chapter four, presents specific details,
although a number of concepts have already been given. The lessons
from the early years of the project have led to a second generation of
design, which is outlined in chapter five. Using a single machine to
create a virtual network of simulated machines is described in chapter
six. Chapter seven extends all of this into distributed networks of
machines. A number of legal issues are discussed in chapter eight:
specific citations are primarily from US laws, but general concepts
are also examined.

Part two concerns the analysis of data collected from the Honeynet.
Chapter nine looks at the various sources of evidence. Network
forensic ideas and tools are reviewed in chapter ten, although the
material does tend to jump abruptly from Networking 101 to an
assumption that the reader can parse Snort captures. Fundamentals of
the data recovery aspects of computer forensics are given in chapter
eleven, leading to the specifics of UNIX recovery in chapter twelve,
and Windows in thirteen. (These chapters contain details of up to
date tools not available in most of the standard computer forensic
texts.) I was delighted to see that chapter fourteen addresses
reverse engineering, although only in a limited subset of the full
range of software forensics. Chapter fifteen reiterates the sources
from chapter nine, and suggests centralized collection and management
of data.

Part three explains what the project has determined about "the enemy"
by the types of attacks that have been launched and detected. Chapter
sixteen takes a random crack at several topics related to the blackhat
community: a number of points are interesting, but few are very
helpful. A general overview of attacks in given in chapter seventeen.
Specific attacks, and analyses, on Windows, Linux, and Solaris are
detailed in chapters eighteen to twenty. Future trends are projected
in chapter twenty one.

The repetition of material that plagued the first edition has been
cleaned up to a great extent, although the text would still benefit
from a tightening up of the material in some chapters. In addition,
the early examples are not thoroughly explained, making the reader
initially feel that only a firewall audit log specialist would be able
to understand what is being said. However, as with the first edition,
most of the book is written clearly and well, and it is certainly
worth reading. In addition, the new material definitely makes this
not merely an interesting read, but something that has the potential
to be a serious reference in the forensic field.

copyright Robert M. Slade, 2004 BKKNYREN.RVW 20040618

(E-Mail Removed) (E-Mail Removed) (E-Mail Removed)
============= for back issues:
[Base URL] site
or mirror
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Security Educ.:
Review mailing list: send mail to (E-Mail Removed)
or (E-Mail Removed)

Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Error while trying to run project: Unable to start debugging on the web server. The project is not configured to be debugged. windows 2003 server Claude seraphin ASP .Net 12 02-15-2014 04:29 PM
Need to check your PC's Performance + Security? (University Project - Generate a report on your PC) Morgi3 Computer Support 1 01-11-2006 11:56 PM
ZoneAlarm has detected a problem with your installation, and therefore has restricted Internet access from your machine for your protection. Donít panic A Teuchter Computer Support 2 05-19-2005 09:20 PM
Add C# web project to VB Web project Brad ASP .Net 2 04-01-2004 02:05 PM
Error while trying to run project: Unable to start debugging on the web server. The project is not configured Ken Stealth ASP .Net 2 01-31-2004 05:46 PM