Honeypots for Windows (eBook)
424 pages
Apress (publisher)
978-1-4302-0007-9 (ISBN)
* Covers how to create your own emulated services to fool attackers
* Discusses the physical setup of the honeypot and the network needed to draw attackers to it
* Discusses how to run Snort alongside the honeypot
* Discusses how to use a Unix-style honeypot to mimic a Windows host
* Discusses how to fine-tune a honeypot
* Discusses OS fingerprinting, ARP tricks, packet sniffing, and exploit signatures
Roger A. Grimes (CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CEH, TICSA, Security+, MCT) is a Windows security consultant, instructor, and author. This is Grimes' third book, and he has written over 150 articles for magazines such as Windows IT Pro, Microsoft Certified Professional, InfoWorld, Network Magazine, Windows & .NET, and Security Administrator. He is a contributing editor for Windows & .NET and InfoWorld magazines. Grimes has presented at Windows Connections, MCP TechMentors, and SANS. He was recognized as a Most Valuable Professional (MVP) by Microsoft for Windows Server 2003 security. Grimes also writes frequently for Microsoft, including material for two courses on advanced Windows security and for TechNet. He has taught security to many of the world's largest and most respected organizations, including Microsoft, VeriSign, the U.S. Navy, various universities, and public school systems. Grimes spends his time surrounded by the maddening hum of twelve 1U servers in his home office, monitoring his personal honeypots.
Installing a honeypot inside your network as an early warning system can significantly improve your security. Currently, almost every book and resource about honeypots comes from a Unix background, which leaves Windows administrators still grasping for help. Honeypots for Windows is a forensic journey, helping you set up the physical layer, design your honeypot, and perform malware code analysis. You'll discover which Windows ports need to be open on your honeypot to fool malicious attackers, and you'll learn about numerous open source tools imported from the Unix world. Install a honeypot on your DMZ or at home and watch the exploits roll in! Your honeypot will capture waves of automated exploits, and you'll learn how to defend the computer assets under your control.
Contents 6
About the Author 14
About the Technical Reviewers 15
Acknowledgments 16
Introduction 17
Part One Honeypots in General 22
Chapter 1 An Introduction to Honeypots 23
What Is a Honeypot? 23
What Is a Honeynet? 25
Why Use a Honeypot? 25
Basic Honeypot Components 31
Honeypot Types 33
History of Honeypots 40
Attack Models 46
Risks of Using Honeypots 52
Summary 54
Chapter 2 A Honeypot Deployment Plan 55
Honeypot Deployment Steps 55
Honeypot Design Tenets 56
Attracting Hackers 57
Defining Goals 57
Honeypot System Network Devices 61
Honeypot System Placement 74
Summary 79
Part Two Windows Honeypots 80
Chapter 3 Windows Honeypot Modeling 81
What You Need to Know 81
Common Ports and Services 83
Computer Roles 86
Services in More Detail 90
Common Ports by Platform 101
Common Windows Applications 104
Putting It All Together 105
Summary 106
Chapter 4 Windows Honeypot Deployment 107
Decisions to Make 107
Installation Guidance 114
Hardening Microsoft Windows 118
Summary 138
Chapter 5 Honeyd Installation 139
What Is Honeyd? 139
Why Use Honeyd? 140
Honeyd Features 141
Honeyd Installation 154
Summary 167
Chapter 6 Honeyd Configuration 168
Using Honeyd Command-Line Options 168
Creating a Honeyd Runtime Batch File 169
Setting Up Honeyd Configuration Files 171
Testing Your Honeyd Configuration 182
Summary 183
Chapter 7 Honeyd Service Scripts 184
Honeyd Script Basics 184
Default Honeyd Scripts 189
Downloadable Scripts 195
Custom Scripts 197
Summary 205
Chapter 8 Other Windows-Based Honeypots 206
Back Officer Friendly 206
LaBrea 207
SPECTER 209
PatriotBox 229
Jackpot SMTP Tarpit 231
More Honeypots 236
Summary 236
Part Three Honeypot Operations 238
Chapter 9 Network Traffic Analysis 239
Why Use a Sniffer and an IDS? 239
Network Protocol Basics 243
Network Protocol Capturing Basics 255
Ethereal 256
Snort 266
Summary 284
Chapter 10 Honeypot Monitoring 285
Taking Baselines 285
Monitoring 292
Logging 300
Alerting 311
Summary 316
Chapter 11 Honeypot Data Analysis 317
Why Analyze? 317
Honeypot Analysis Investigations 318
A Structured Forensic Analysis Approach 320
Forensic Analysis in Action 341
Forensic Tool Web Sites 351
Summary 352
Chapter 12 Malware Code Analysis 353
An Overview of Code Disassembly 353
Assembly Language 355
Assembler and Disassembler Programs 365
Malicious Programming Techniques 374
Disassembly Environment 376
Disassembly Practice 376
Summary 377
Index 378
Publication date (per publisher): 22 Nov 2006
Additional information: 424 p.
Place of publication: Berkeley
Language: English
Subject area: Computer Science ► Operating Systems / Servers ► Windows; Mathematics / Computer Science ► Computer Science ► Software Development
Keywords: Deployment • Design • Modeling • Open Source • security • WINDOWS
ISBN-10: 1-4302-0007-3 / 1430200073
ISBN-13: 978-1-4302-0007-9 / 9781430200079
Size: 6.5 MB
DRM: digital watermark
This eBook carries a digital watermark and is therefore personalized to you. If the eBook is improperly passed on to third parties, it can be traced back to its source.
File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suited to technical books with columns, tables, and figures. A PDF can be displayed on almost any device but is only of limited use on small displays (smartphone, eReader).
System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need a PDF viewer, e.g. Adobe Reader or Adobe Digital Editions.
eReader: This eBook can be read on (almost) all eBook readers. It is not compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a PDF viewer, e.g. the free Adobe Digital Editions app.
Additional feature: online reading
In addition to downloading it, you can also read this eBook online in your web browser.
Buying eBooks from abroad
For tax-law reasons we can only sell eBooks within Germany and Switzerland. Regrettably, we cannot fulfil eBook orders from other countries.