"The Honeynet guys have always been fighting the good fight: messing with the hackers' heads, learning what they're doing, collecting their tools and tricks, and sharing the knowledge with the rest of the good guys. It's one thing to sit around and try to guess what the hackers are up to, but the Honeynet Project just rolled up their sleeves and went on the offensive in their own unique way. Never before has being a victim been so cool! This book is a great resource for the serious information security professional and the beginning practitioner alike."
--Marcus J. Ranum, Senior Scientist, TrueSecure Corp. "The Honeynet Project is one of the best sources, if not the best source, for information about current techniques and trends in the blackhat community. They are also how-to experts in setting up and gathering information--safely--about these attackers. The Honeynet Project's ability and willingness to share cutting-edge information is an immeasurable benefit to the security community."
--Jennifer Kolde, security consultant, author, and instructor "Know Your Enemy contains an incredible wealth of information, including legal and sociological topics, that set it apart from other security books. The scope of this book is broad, and while no one book can teach people everything they need to know on such a topic, this one covers the subject better than any other source I know. Know Your Enemy will help security professionals with specific technical information, and it will help more general readers better understand a topic they need to learn about."
--William Robinson, former security training program manager at Sun Microsystems, curriculum coordinator for Fire Protection Publications. "This book will be an extremely useful tool in helping a network security administrator or professional assemble the technical tools needed to build, maintain, analyze, and learn from a honeynet within their organization. Each technical chapter goes into great detail on commands, log formats, configuration files, network design, etc. As a professional working with many of these technologies on a daily basis, it is exciting to see all of this information in one place. The knowledge and experience of the authors in working with and developing honeynets has grown noticeably since the first book was published. This is a very positive revision."
--Sean Brown, IT Director, Applied Geographics, Inc. "With the drastic increase in the number of attacks, it is important to have more people within the security industry studying attacks and attackers' motives and sharing their results with the community. This book begins by teaching users whether they should install a honeypot, and then gives details and information about honeypots and how they can deploy them."
--Kirby Kuehl, Cisco Systems "Know Your Enemy reveals truths about the blackhat community and shows readers how to fight off attacks. The authors contribute their own experiences and offer the curious reader a rainbow of ideas."
--Laurent Oudot, security engineer, CEA "The Honeynet Project has been blazing a trail and providing a hard dose of reality that computer security needs. Get behind the fantasy and learn what the hackers are really doing. This is great cutting-edge stuff!"
--Marcus J. Ranum, senior scientist, TruSecure Corp. For centuries, military organizations have relied on scouts to gather intelligence about the enemy. In the field of information security, few scouts have ever existed. Very few organizations today know who their enemies are, how they might attack, when they might attack, and, perhaps most important, why they attack. If the blackhat community is the enemy, then the Honeynet Project is a most valuable ally. In this completely revised and greatly expanded follow-up to their groundbreaking book, Know Your Enemy, members of the Honeynet Project, the Alliance, and the community (including Lance Spitzner, Brian Carrier, Anton Chuvakin, Eric Cole, Yannis Corovesis, Max Kilger, and Rob Lee) provide an unrivaled "intelligence report" on those who use the Internet for destructive purposes. They also provide an in-depth guide to honeynets--high-interaction honeypots designed to capture extensive information on exactly how your enemies operate so you can protect your systems from them. Inside, you'll find extensive information on: - How to plan, build, and maintain first- and second-generation, virtual, and distributed honeynets.
- How to capture and analyze data through a honeynet, including the latest on reverse engineering and forensics for Windows, UNIX, and networks.
- Understanding the enemy, including real examples of incidents and compromised systems, types of attacks, and profiling.
Aimed at security professionals, but containing much information that is relevant for those with less technical backgrounds, this book teaches the technical skills needed to study and learn from a blackhat attack.
|
Average Customer Review:
 ( 28 customer reviews )
Write an online review and share your thoughts with other customers.
Most Helpful Customer Reviews
60 of 61 found the following review helpful:
One-of-a-kind; a must read for security professionalsSep 26, 2001
By Richard Bejtlich
"TaoSecurity"
I am a senior engineer for network security operations. I reviewed and provided feedback on a draft of "Know Your Enemy" (KYE) and I am credited on page xiii. This book by the Honeynet Project breaks new ground in the security and publishing communities. It is the first substantial "intelligence report" on those who use the Internet for destructive means, and will enlighten readers of all skill and experience levels.
As a former Air Force intelligence officer, I share the Honeynet Project's desire to gain insight into the tools, tactics, and intentions of the enemy. After explaining the technical details of configuring the honeynet, the authors discuss the attacks launched against their monitored network. The book's level of detail is excellent, as it includes network traces, log entries, and even keystroke captures. This multi-dimensional analysis is exactly the sort of information needed by intrusion detectors and other security personnel.
Beyond the descriptions of various incidents, the authors reveal several key insights. First, the security community must look beyond the tools used by the adversary, and understand tactics and intentions. Second, data collection is critical; alerts mean little without supporting evidence. Third, defense in depth applies to intrusion detection, as it is best to use logs from routers, firewalls, IDS, and hosts together when analyzing events.
The main reason I gave the book four stars was the inclusion of 100 pages of IRC logs in chapter 11. This did not add much to the 328 page book. The analysis of the chat sessions near the end of the chapter was more helpful. That section could have paraphrased the chatting or made reference to transcripts on a CD-ROM. I also hope future Honeynet Project books address Windows NT/2000 compromises, and ways to perform digital forensics on those systems.
Overall, I found "Know Your Enemy" to be highly motivational. I was glad to finally see proof that the "good guys" share information! (I think we give the "bad guys" a little too much credit in that respect.) I plan to include this book in my recommended reading list for network security and intrusion detection professionals. It is simple and well-written, and contains the right sort of information for someone trying to understand common security incidents.
Cliff Stoll's book was the last to detail a truly high-end compromise, perpetrated by individuals employed by a foreign intelligence service. When will the Honeynet Project bag "the big one?"
(Disclaimer: The publisher sent me a free review copy.)
21 of 22 found the following review helpful:
 Lance Spitzner "Know Your Enemy"Apr 23, 2002
By Dr Anton Chuvakin
"Dr. Anton Chuvakin"
"Know Your Enemy" from the Honeynet Project...
team (led by Lance Spitzner) is an amazing account on adventures in computer
security. This superb book provides the summary of two years of the project
operation. Aimed to gather and analyze more information about malicious
hackers, the project provided security community with unique insights into
attacks, tricks, and even personalities of hackers. The network (now a
combination of networks in several places worldwide) was deployed for the
single purpose of being penetrated by remote attackers (or blackhats, as
they are called in the book). Their actions were then recorded, studied and
presented in this book and papers on the project web site
.... Real production systems (Linux, UNIX,
Windows) were deployed within the Honeynet.Leveraging his military background, Lance Spitzner explains why it is
crucial to get first hand information on computer underground operations.
"Information is power" and in computer security there is a serious lack of
information about the adversaries. Most of the available information comes
as 'too little, too late' such as for a company that gets first-hand
knowledge of hackers right after seeing "u r 0wned" on their web site. And
even in this case other companies cannot learn from mistakes, since the
break-in will be kept as secret as possible. The typical Honeynet break-in produces the following information. What
reconnaissance activity was performed by an attacker before the intrusion?
Which network service was exploited? What exact exploit string or buffer
overflow was used? What attacked did after getting access to the system? How
he or she retained access to the system? How did he or she use the system?
The answers are in the book! In some of the attacks, the logs of IRC (Internet Relay Chat) conversations
between hackers were recorded. They reveal not only the technology, but also
some of the motivations of intruders. Some stories from the book border on
impossible, such as the case where the streaming video sent by hackers was
captured by the Honeynet team. The book also provides full details on designing, building and
maintaining the honeynet, including the risks of running a honeynet. To
be more precise, they describe a Generation I honeynet, since now the
project has moved to more sophisticated security technology. The
project uses stringent standards for data control (preventing attacker
from causing trouble to third parties), data collection (recording
everything that happens on the network) and data collection
(aggregating attack data from several honeynets). Overall, as Bruce Schneier said in the book's foreword: "Great stuff,
and it 's all real" Anton Chuvakin, Ph.D. is a Senior Security Analyst with a major
information security company.
18 of 19 found the following review helpful:
An extremely important security book & a fascinating readMar 12, 2002
By Ben Rothke
"Author of 'Computer Security: 20 Things Every Employee Should Know'"
Many an author has written about hackers and computer criminals, but more often it's not from first-hand knowledge. Know Your Enemy is unique is that it is written in the first person. The book is a chronicle of The Honeynet Project; which is a group of security professionals dedicated to learning the tools, tactics and motives of hackers in order to share what they have learned from those encounters. The group was formed due to the every growing complexity of today's networks, and that no single individual has the complete set of skills necessary to understand the forensics behind computer attacks. The book centers around honey pots and honey network that the Honeynet Project designed. A honey pot is a computer designed to look like something that an intruder can hack into. One example of a honey pot is to install a machine on a network with no particular purpose other than to log all attempted accesses to it. Similarly, a honeynet is a network designed to be compromised. The function of the honeynet is that when attackers probe, attack and attempt to hack a system, the administrators of the honeynet are able to observe all of their activities, and use that knowledge to design stronger systems. By building such a network and understanding the scope attacks against it, one can understand their adversary, and can better protect their corporate information systems assets. The book is divided into three parts. The first part shows how the group planned and built the Honeynet. The second part goes into an in-depth analysis of the logs gathered during attacks. While part 3 looks at the threats, motives and tools that the enemy employs in their attacks. The book is written by technical experts, but in a language that doesn't require a strong technical background. The book effectively shows how a hacker thinks and operates. Most often than not, the hacker simply bypasses the normal security mechanism in place. Know Your Enemy takes all of the lessons learned from hundreds of attacks against the honeynet and shows how to better design systems that is resilient against attack. Know Your Enemy is not only an extremely important security book, it is a fascinating read. For any security practitioner wants to truly understand the risks their networks face on a daily basis, Know Your Enemy is a must read.
24 of 28 found the following review helpful:
Fascinating and intelligent. Everyone should read this book.Oct 11, 2001
By Richard La Bella
Nothing could stop me from writing a review about "Know Your Enemy" and I'll tell you why: It's no secret, most of us can't turn on a television or a radio these days without hearing the United States needs better intelligence, better tools and methods for spying on enemies so America can prepare for attacks before they strike. Well, the same holds true in the information age. More intelligence must be built around network security and computer systems. Lance Spitzner's new book, "Know Your Enemy" shows us how. When I started reading this book, I couldn't believe what I was hearing. A network of computers called a honeynet, designed as an everyday corporate network used to capture, analyze and control the flow of data in and out of the network for studying the motives, tactics, and tools of the blackhat community? Wow!! "Know Your Enemy" walks us through building and managing our own honeynet's. A CD-ROM comes with the book with tools to get us started. I speak from experience when I tell you this book helped me during my honeynet build. It showed me ways to capture critical information, log that information, and alert me via pager and e-mail in real time. The book talks about methods used for capturing keystrokes, advanced data analysis, and ways by which to capture and control the data. There are chock full of real world scenario's directed at dealing with worms. As we read through the book we get the chance to view how systems are exploited and what made them vulnerable. Lance Spitzner takes us step-by-step through real world attacks initiated by real blackhats and crackers. Reading this book is like reading someone's diary from the beginning only the information is freely shared and extremely valuable. "Know Your Enemy" took me down the path I needed to go. It will take you to the next level of security everyone might want to strongly consider. One, that's more analytical and intelligent, one that teaches us to be more proactive. My favorite chapter in this book was "In Their Own Words". That chapter was over 100 pages of captured keystrokes between the blackhats that took over the honeynet and...well...you should get the book and read it for yourself. It's a trip. Richard La Bella, MCSE, CCSE, CCNA
13 of 15 found the following review helpful:
An informative look at how the "bad guys" operateDec 24, 2002
By Brian D. Mcmahon
"Know Your Enemy" begins with this simple yet striking observation: no military would plan to fight a battle without trying to learn as much as possible about the enemy -- their capabilities, their equipment, normal patterns of observation, and so on. But these rudiments of "tactical intelligence" have long been neglected in computer security. This book describes the Honeynet project (www.honeynet.org), a group that sets up so-called "honeypot" systems in order to observe (and learn about) the people who then try to attack them. One fact that is especially striking, and more than a little frightening, is the short amount of time that elapses between new systems being connected to the Internet and the first attempts to break into them. The author tells of one system that got hit within 15 minutes of plugging it in! The book is divided into three parts: how to set up a honeynet, how to analyze the collected data, and what the author has learned about "the enemy" in doing so. The first part will be most interesting to those strange folks like me who, at one point or another, have set up "tripwires" on their systems to see who might be jiggling the doorknobs. The thought process involved in setting up a honeypot system, however, is more generally useful, because it helps to train the mind to think about secure vs. insecure systems and trust in general. Students of system and/or network administration should find this helpful, even if they never set up a honeypot themselves.But it's also more generally useful for forensic analysis after a security incident. Finally, there's part three, the discussion of what has been learned about the "black hat" community. This I found to be both the most interesting and the most frustrating part of the book. In particular, chapter 11 ("In Their Own Words") is at the same time a strong and weak point. This chapter consists mainly of a collection of intercepted chat logs between intruders, with some commentary and analysis interspersed. My concerns with this chapter are, first, it is rather long (over 100 pages); and second, the actual analysis is fairly limited, though having an actual psychologist in on the honeynet team does add an interesting touch. Overall, this is an extremely valuable book for those with responsiblity for (and/or interest in) computer security. Taking into account my complaints about chapter 11, I give the book 4.5 stars, rounded up to 5.
See all 28 customer reviews on Amazon.com
|
based on 28 reviews
