REVIEW: "Honeypots for Windows", Roger A. Grimes

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Aug 18, 2005.

  BKHNPTWN.RVW 20050614

    "Honeypots for Windows", Roger A. Grimes, 2005, 1-59059-335-9, U$39.99
    %A Roger A. Grimes
    %C 2560 Ninth Street, Suite 219, Berkeley, CA 94710
    %D 2005
    %G 1-59059-335-9
    %I Apress
    %O U$39.99 510-549-5930 fax 510-549-5939
    %O http://www.amazon.com/exec/obidos/ASIN/1590593359/robsladesinterne
    http://www.amazon.co.uk/exec/obidos/ASIN/1590593359/robsladesinte-21
    %O http://www.amazon.ca/exec/obidos/ASIN/1590593359/robsladesin03-20
    %O Audience i+ Tech 2 Writing 1 (see revfaq.htm for explanation)
    %P 392 p.
    %T "Honeypots for Windows"

    Now, we all know that honeypots can be fun: turning the tables on the
    blackhats, and watching what they are doing for once. We'll even
    acknowledge that the information honeypots provide can be useful,
    teaching us the types of approaches and activities that intruders are
    likely to undertake. But Grimes, in the introduction, stresses the
    position that honeypots are important security tools used for
    protection: that the extensive employment of honeypots will somehow
    "put an end" to script kiddies and the myriad attacks we see flying
    around the nets.

    Part one is about general honeypot concepts. Chapter one is an
    introduction to honeypots, looking at different honeypots and some
    common attack types, and has an extremely terse mention of the fact
    that there are risks associated with using honeypots. Components and
    simple topologies for honeypots are listed in chapter two.

    Part two moves specifically to Windows honeypots. Chapter two lists
    the ports that a Windows computer typically has open, and provides
    some (but not much) information on how the major ones work. A set of
    questions to ask yourself about how you want to operate and configure
    your honeypot is in chapter three, along with generic advice about
    hardening the computer if you use Windows as the native operating
    system. There is a table of services that you might want to turn off.
    There is also an inventory of programs you may wish to remove: it
    contains rather dated entries such as edlin.exe, but doesn't mention
    items such as tftp.exe. Chapters five to seven are concerned with the
    honeyd program and its Windows port, first in regard to description
    and installation, then configuration options, and finally service
    scripts. Other honeypot programs, namely Back Officer Friendly (BOF),
    LaBrea, SPECTER, KFSensor, Patriot Box, and Jackpot, are outlined in
    chapter eight, with the commercial entries getting the bulk of the
    space.

    Part three deals with the operation of honeypots. Chapter nine has
    some basic traffic analysis information, mostly documentation for the
    use of the Ethereal packet sniffer and the Snort intrusion detection
    system. A number of tools for monitoring your system are listed in
    chapter ten. Even though the title is "Honeypot Data Analysis," most
    of chapter eleven records more monitoring tools. Grimes reprises some
    of his stuff from "Malicious Mobile Code" (cf. BKMLMBCD.RVW), and adds
    a catalogue of assembly tools, to talk about analysing such code in
    chapter twelve.

    As a compilation of utilities, the book will probably be a handy
    reference for those who are interested in trying out a honeypot, or
    possibly just getting more information from their Windows computer.
    Network administrators who are seriously interested in actually
    running a honeypot or reviewing the data thus collected should
    probably look into "Know Your Enemy" (cf. BKKNYREN.RVW) or "Honeypots"
    (cf. BKHNYPOT.RVW), both by Spitzner.

    copyright Robert M. Slade, 2005 BKHNPTWN.RVW 20050614

    --
    ======================

    ============= for back issues:
    [Base URL] site http://victoria.tc.ca/techrev/
    or mirror http://sun.soci.niu.edu/~rslade/
    CISSP refs: [Base URL]mnbksccd.htm
    Security Dict.: [Base URL]secgloss.htm
    Book reviews: [Base URL]mnbk.htm
