Behind enemy lines
If you know the enemy and know
yourself, you need not fear the result of a hundred battles. If you know yourself
but not the enemy, for every victory gained you will also suffer a defeat. If
you know neither the enemy nor yourself, you will succumb in every battle.
Sun Tzu in The Art of War
The Internet security war keeps getting more intense. Intruders get bolder
and the time-lag between new systems coming online for the first time and attempts
to gain unauthorised access to them is reducing from days to a matter of hours
and even minutes. However, Honeynet technology shows the promise of engaging
the faceless intruders in battle. The book is a guide for the good guysthe
victimsto go on the offensive for the first time. It helps them use the
enemys smartness and cunning against them. They can now develop espionage
to monitor enemy activities because the only way to defend yourself and
defeat the enemyis to first know and understand who the enemy is.
The intruders or the dark side is represented by the blackhat hackers, crackers,
malicious attackers, disgruntled employees or scheming insiders. They are motivated
by money, power, revenge or fame, and have managed to win many a battle because
the victims have little or no knowledge of who the attackers are, what is their
modus operandi is, or why they attack. Even as the number of attacks increases
exponentially, remedial measures such as anti-virus, firewalls, encryption and
intrusion detection systems have always been passive and defensive. This book,
targeting the CSOs of small, medium and large enterprises, helps the good guys
to fight back efficiently, smartly and decisively.
The book is divided into three parts. The first with eight
chapters begins with the history of the Honeynet project, and goes on to explain
the honeypot concept and Honeynet, as well as their advantages and disadvantages.
It further describes Gen I and Gen II Honeynets as well as advanced honeynet
deployments such as virtual and distributed honeynets.
Know Your Enemy learning about security threats
Author : The Honeynet Project
Pages : 770
Publisher : Addison-Wesley
Price : Rs 449
Chapter 8 highlights legal issues such as the legalities of
monitoring network users and dealing with network crime. It also focusses on
the protocol used to deal with network crimes, denial of service attacks, malicious
code, intrusions, other computer access crimes, and the risks and repercussions
of keeping stolen data on your system.
|Honeypot and Honeynet
Honeypot is a decoy computer
set up to attract the attention of the intruder so that he leaves the
actual network alone. The honeynet is a group of real systems and applications
on the network, kept as a trap for intruders. No one is authorised to
interact with them, therefore any inbound or outbound connectivity to
the honeynet is unauthorised activity. This makes it very effective in
detecting and capturing known and unknown activities.
The second part focusses on the analysis of data collected by honeynets. Topics
covered include purpose and value of data analysis, network forensics, and computer
forensics including Unix, Linux and Windows forensics as well as reverse engineering.
Part 3 focusses on the attackers sociology and psychology. This part tries
to explain the why factor. It also highlights the intelligence of the hacker,
cracker, blackhat and whitehat community, and ends with examples of compromised
Windows, Linux and Solaris systemsand the lessons learnt from them.
The final chapter focusses on the future of honeynets. Possible future trends
include evolution of honeynets to detect advance threats which target systems
of high value. They will be built on sensitive sites such as government and
military sites. These systems will be deployed not only on external or perimeter
networks but also on internal networks.
The books language is simple and its pace is such that it is hard to put
the book down, technical jargon notwithstanding. However, Honeynet is just a
step towards the escalation of the issue. The blackhat community will come up
with counter-measures for detecting, deceiving and disabling the honeynets.
The never-ending war between good and evil continues, and the result is the
same as it has been for agesinconclusive.