Know Your Enemy
Addison Wesley
978-0-201-74613-6 (ISBN)
- A new edition of this title is forthcoming
This book shares the lessons of the Honeynet Project, in which leading security professionals built networks designed to be compromised. From this they learned everything possible from the "blackhat" hackers who took the bait: their tools, their tactics, and their motives. The insights in this book will go a long way towards helping security professionals protect their networks against real attacks. If that's not enough, the book shows you how to build your own honeynet, learning even more about today's most significant exploits -- and tomorrow's. Lance Spitzner, leader of The Honeynet Project, begins by introducing honeynets and honeypots (the parts that make up the honeynet network), explaining how they work, and showing how to build one. Next, Know Your Enemy focuses on an in-depth analysis of attacks, including detailed analyses of compromised systems, and techniques for containing blackhat hackers while you gather evidence and work to identify them. Part III takes you into the minds of the blackhat hackers, focusing on the evidence left by actual attacks -- not theory or speculation.
For all computer security specialists, and network and system administrators concerned with intrusion detection and security.
The Honeynet Project is a nonprofit security research organization made up of volunteers. These volunteers are dedicated to learning the tools, tactics, and motives of the blackhat community and sharing lessons learned. The Honeynet Project has 30 members, and works with various other organizations through The Honeynet Research Alliance.
Preface.
Foreword.
1. The Battleground.
I: THE HONEYNET.
2. What a Honeynet Is.
Honeypots.
Honeynets.
Value of a Honeynet.
The Honeypots in the Honeynet.
Summary.
3. How a Honeynet Works.
Data Control.
Data Capture.
Access Control Layer.
Network Layer.
System Layer.
Off-Line Layer.
Social Engineering.
Risk.
Summary.
4. Building a Honeynet.
Overall Architecture.
Data Control.
Data Capture.
Maintaining a Honeynet and Reacting to Attacks.
Summary.
II: THE ANALYSIS.
5. Data Analysis.
Firewall Logs.
IDS Analysis.
System Logs.
Summary.
6. Analyzing a Compromised System.
The Attack.
The Probe.
The Exploit.
Gaining Access.
The Return.
Analysis Review.
Summary.
7. Advanced Data Analysis.
Passive Fingerprinting.
The Signatures.
The ICMP Example.
Forensics.
Summary.
8. Forensic Challenge.
Images.
The Coroner's Toolkit.
MAC Times.
Deleted Inodes.
Data Recovery.
Summary.
III: THE ENEMY.
9. The Enemy.
The Threat.
The Tactics.
The Tools.
The Motives.
Changing Trends.
Summary.
10. Worms at War.
The Setup.
The First Worm.
The Second Worm.
The Day After.
Summary.
11. In Their Own Words.
The Compromise.
Reading the IRC Chat Sessions.
Day 1, June 4.
Day 2, June 5.
Day 3, June 6.
Day 4, June 7.
Day 5, June 8.
Day 6, June 9.
Day 7, June 10.
Analyzing the IRC Chat Sessions.
Profiling Review.
Psychological Review.
Summary.
12. The Future of the Honeynet.
Future Developments.
Conclusion.
Appendix A. Snort Configuration.
Snort Start-Up Script.
Snort Configuration File, snort.conf.
Appendix B. Swatch Configuration File.
Appendix C. Named NXT HOWTO.
Appendix D. NetBIOS Scans.
Appendix E. Source Code for bj.c.
Appendix F. TCP Passive Fingerprint Database.
Appendix G. ICMP Passive Fingerprint Database.
Appendix H. Honeynet Project Members.
Index.
Publication date (per publisher) | 25.9.2001 |
---|---|
Place of publication | Boston |
Language | English |
Weight | 732 g |
Subject area | Computer Science ► Networks ► Security / Firewall |
ISBN-10 | 0-201-74613-1 / 0201746131 |
ISBN-13 | 978-0-201-74613-6 / 9780201746136 |
Condition | New |