Computer books at discount prices

Our Comments:
Please See ISBN 0321166469 for 2nd Edition.

Summary:
For centuries, military organizations have depended on scouts to gather intelligence on the enemy. Specifically, who the enemy was, what they were doing, how they may attack, the weapons they use, and their ultimate objectives. Time and again this information has proven critical in defending against and defeating the enemy.

For information security, this scout has never existed. Very few organizations know who their enemy is, how they may attack, what the enemy does once they compromise a system, and why they attack. The Honeynet Project is changing this. A research organization of thirty security professionals, we are dedicated to learning the tools, tactics and motives of the blackhat community. Just as with scouts in the military, our mission is to gather intelligence on the enemy.

The primary weapon of the Honeynet Project is the Honeynet, a unique solution designed to capture and study the blackhat's every move. In this book you will learn in detail not only what we have discovered about this adversary, but how we built and used Honeynets to gather this critical information.

Know Your Enemy includes:

The Honeynet: Description of a honeynet, and how to plan, build, and maintain one. Also covers risks and issues involved.
The Analysis: Step-by-step instructions on how to capture and analyze data from a honeynet.
The Enemy: Presents what the project learned about the blackhat community, including documented compromised systems.

Aimed at both security professionals and those with a non-technical background, this book teaches the technical skills needed to study a blackhat attack and learn from it. The CD includes examples of network traces, code, system binaries, and logs used by intruders from the blackhat community.

Table of Contents:

Preface ..... xi
Foreword ..... xv: Chapter 1: The Battleground ..... 1
Part I: The Honeynet ..... 7
Chapter 2: What a Honeynet Is ..... 9
Honeypots ..... 9
Honeynets ..... 12
Summary ..... 17
Chapter 3: How a Honeynet Works ..... 19
Data Control ..... 20
Data Capture ..... 30
Social Engineering ..... 41
Risk ..... 42
Summary ..... 43
Chapter 4: Building a Honeynet ..... 45
Overall Architecture ..... 45
Data Control ..... 47
Data Capture ..... 51
Maintaining a Honeynet and Reacting to Attacks ..... 53
Summary ..... 54

Part II: The Analysis ..... 55
Chapter 5: Data Analysis ..... 57
Firewall Logs ..... 57
IDS Analysis ..... 60
System Logs ..... 70
Summary ..... 73
Chapter 6: Analyzing a Compromised System ..... 75
The Attack ..... 75
The Probe ..... 77
The Exploit ..... 78
Gaining Access ..... 83
The Return ..... 88
Analysis Review ..... 92
Summary ..... 93
Chapter 7: Advanced Data Analysis ..... 95
Passive Fingerprinting ..... 95
Forensics ..... 103
Summary ..... 109
Chapter 8: Forensic Challenge ..... 111
Images ..... 111
The Coroner's Toolkit ..... 112
MAC Times ..... 114
Deleted Inodes ..... 117
Data Recovery ..... 119
Summary ..... 122
Part III: The Enemy ..... 123
Chapter 9: The Enemy ..... 125
The Threat ..... 125
The Tactics ..... 126
The Tools ..... 130
The Motives ..... 132
Changing Trends ..... 134
Summary ..... 137
Chapter 10: Worms at War ..... 139
The Setup ..... 140
The First Worm ..... 141
The Second Worm ..... 144
The Day After ..... 146
Summary ..... 149
Chapter 11: In Their Own Words ..... 151
The Compromise ..... 152
Reading the IRC Chat Sessions ..... 163
Analyzing the IRC Chat Sessions ..... 260
Summary ..... 264
Chapter 12: The Future of the Honeynet ..... 267
Future Developments ..... 267
Appendix A: Snort Configuration ..... 271
Snort Start-Up Script ..... 271
Snort Configuration File, snort.conf. ..... 272
Appendix B: Swatch Configuration File ..... 275
Appendix C: Named NXT HOWTO ..... 277
Appendix D: NetBIOS Scans ..... 285
Appendix E: Source Code for bj.c ..... 297
Appendix F: TCP Passive Fingerprint Database ..... 299
Appendix G: ICMP Passive Fingerprint Database ..... 301
Appendix H: Honeynet Project Members ..... 303
Index ..... 315