Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive. Now, there’s a breakthrough solution. Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system-making them easier and cheaper to build, deploy, and maintain.
In this hands-on, highly accessible book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection, two leading honeypot pioneers systematically introduce virtual honeypot technology. One step at a time, you’ll learn exactly how to implement, configure, use, and maintain virtual honeypots in your own environment, even if you’ve never deployed a honeypot before.
You’ll learn through examples, including Honeyd, the acclaimed virtual honeypot created by coauthor Niels Provos. The authors also present multiple real-world applications for virtual honeypots, including network decoy, worm detection, spam prevention, and network simulation.
After reading this book, you will be able to
” Compare high-interaction honeypots that provide real systems and services and the low-interaction honeypots that emulate them
” Install and configure Honeyd to simulate multiple operating systems, services, and network environments
” Use virtual honeypots to capture worms, bots, and other malware
” Create high-performance “hybrid” honeypots that draw on technologies from both low- and high-interaction honeypots
” Implement client honeypots that actively seek out dangerous Internet locations
” Understand how attackers identify and circumvent honeypots
” Analyze the botnets your honeypot identifies, and the malware it captures
” Preview the future evolution of both virtual and physical honeypots