Virtual Honeypots: From Botnet Tracking to Intrusion Detection

Authors: Niels Provos and Thorsten Holz
Pages: 440
Publisher: Addison-Wesley Professional
ISBN: 0321336321

Introduction

In order to stay one step ahead of the attackers you have to learn what they know. Virtual honeypots let security professionals observe attacks against decoy systems, identify emerging risks and improve their defensive techniques. Written by two industry veterans, “Virtual Honeypots” promises to tackle this topic head-on, with lots of technical detail.

About the authors

Niels Provos is one of the OpenSSH creators and is known for his security work on OpenBSD. He developed Honeyd, SpyBye, and many other tools. He is a member of the Honeynet Project and is currently employed as a senior staff engineer at Google.

Thorsten Holz is one of the founders of the German Honeynet Project and a member of the Steering Committee of the Honeynet Research Alliance. Currently, his work concentrates on bots/botnets, client honeypots, and malware in general.

Inside the book

The authors start off with a brief introduction to honeypots, offer some background and give you a basic idea of what the book covers. Moving on, you quickly learn about the advantages and disadvantages of low-interaction honeypots (emulated services that are cheap to run and safe to expose, but only capture the first steps of an attack) and high-interaction honeypots (real systems that record everything an intruder does, at the cost of containment effort and risk), and get installation instructions for several tools.

Honeyd, a popular open source low-interaction honeypot platform, gets lots of coverage. The authors showcase its features and take you through installation, setup and advanced configuration. You discover how to customize your virtual honeypots with personalities that mimic the network stack of a chosen operating system, dynamic templates that change behaviour depending on who is probing, Honeyd’s ability to simulate arbitrary routing topologies, and much more.
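To make the Honeyd features mentioned above concrete, here is a configuration in honeyd.conf syntax. It is an added illustration, not a listing from the book or from the Honeyd project: the IP addresses, the service script paths, the proxy target and the choice of fingerprint names are assumptions for the example.

```text
# Added example of honeyd.conf syntax. Addresses, script paths and the
# proxy target are illustrative assumptions, not taken from the book.

# Catch-all template: an address bound to it answers nothing at all.
create default
set default default tcp action block
set default default udp action block
set default default icmp action block

# A Windows personality. The name must match an entry in the nmap
# fingerprint file Honeyd loads; closed TCP ports answer with RST.
create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
set windows default udp action reset
set windows uptime 1728650
add windows tcp port 80 "sh scripts/iis-0.95/iisemul8.pl"
add windows tcp port 139 open
add windows tcp port 445 open

# A Linux personality with a scripted SSH port and an SMTP port that is
# transparently proxied to a real mail server (assumed at 10.0.0.5).
create linux
set linux personality "Linux 2.4.20"
set linux default tcp action reset
add linux tcp port 22 "sh scripts/ssh.sh $ipsrc $sport $ipdst $dport"
add linux tcp port 25 proxy 10.0.0.5:25

# Dynamic template: Honeyd passively fingerprints the source and serves
# the personality that matches the scanner's own OS family.
dynamic magichost
add magichost use windows if source os = windows
add magichost use linux if source os = linux
add magichost otherwise use default

bind 192.168.1.10 windows
bind 192.168.1.11 linux
bind 192.168.1.12 magichost

# Virtual routing topology: an entry router at 10.0.0.1 fronts
# 10.0.0.0/24 and forwards to a second router 10.1.0.1 over a slow,
# lossy link, so a traceroute into 10.1.0.0/24 shows two realistic hops.
route entry 10.0.0.1 network 10.0.0.0/16
route 10.0.0.1 link 10.0.0.0/24
route 10.0.0.1 add net 10.1.0.0/24 10.1.0.1 latency 55ms loss 0.1
route 10.1.0.1 link 10.1.0.0/24
bind 10.0.0.1 linux
bind 10.1.0.1 linux
bind 10.1.0.20 windows
```

The daemon is started against the ranges it should claim, for example `honeyd -d -f honeyd.conf -i eth0 192.168.1.0/24 10.0.0.0/16`, with arpd answering ARP requests for the same unused addresses so that traffic actually reaches the honeypot host. The `default` template matters in practice: without it, unbound addresses in the claimed range would otherwise look identical, and the blocked ports make them simply disappear from a scan.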

An entire chapter of the book is dedicated to case studies and is packed with practical lessons. The authors show you how to use nepenthes, a low-interaction honeypot that emulates known vulnerabilities in order to collect the malware that exploits them, and how to integrate it into a network. The chapter also walks through a number of incidents captured with both low-interaction and high-interaction honeypots. Given its practical nature, I found this to be the most captivating section of the book.

If you’ve been following the news closely over the past year, you’ve noticed that botnets have become a very big threat, especially when it comes to Distributed Denial of Service (DDoS) attacks. An entire chapter of the book is dedicated to illustrating how you can use a honeypot to study a botnet in detail and mitigate the threat with the data you acquire.

The book makes generous use of figures and tables, and its layout, given the technical nature of the topic, makes it straightforward to read and browse.

Final thoughts

Even though a complex topic such as virtual honeypots may seem aimed only at an advanced audience, this book will also appeal to the less experienced. It is packed with enough background to get you started, and it will serve as a reference guide once you’re familiar with the topic.

If you work with honeypots, this book belongs on your desk.