Behind enemy lines

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
—Sun Tzu in The Art of War

The Internet security war keeps getting more intense. Intruders get bolder and the time-lag between new systems coming online for the first time and attempts to gain unauthorised access to them is reducing from days to a matter of hours and even minutes. However, Honeynet technology shows the promise of engaging the faceless intruders in battle. The book is a guide for the good guys—the victims—to go on the offensive for the first time. It helps them use the enemy’s smartness and cunning against them. They can now develop espionage to monitor enemy activities because the only way to defend yourself— and defeat the enemy—is to first know and understand who the enemy is.

The intruders or the dark side is represented by the blackhat hackers, crackers, malicious attackers, disgruntled employees or scheming insiders. They are motivated by money, power, revenge or fame, and have managed to win many a battle because the victims have little or no knowledge of who the attackers are, what is their modus operandi is, or why they attack. Even as the number of attacks increases exponentially, remedial measures such as anti-virus, firewalls, encryption and intrusion detection systems have always been passive and defensive. This book, targeting the CSOs of small, medium and large enterprises, helps the good guys to fight back efficiently, smartly and decisively.

The book is divided into three parts. The first with eight chapters begins with the history of the Honeynet project, and goes on to explain the honeypot concept and Honeynet, as well as their advantages and disadvantages. It further describes Gen I and Gen II Honeynets as well as advanced honeynet deployments such as virtual and distributed honeynets.

Title : Know Your Enemy — learning about security threats Author : The Honeynet Project Pages : 770 Publisher : Addison-Wesley Price : Rs 449

Chapter 8 highlights legal issues such as the legalities of monitoring network users and dealing with network crime. It also focusses on the protocol used to deal with network crimes, denial of service attacks, malicious code, intrusions, other computer access crimes, and the risks and repercussions of keeping stolen data on your system.

The second part focusses on the analysis of data collected by honeynets. Topics covered include purpose and value of data analysis, network forensics, and computer forensics including Unix, Linux and Windows forensics as well as reverse engineering.

Part 3 focusses on the attacker’s sociology and psychology. This part tries to explain the why factor. It also highlights the intelligence of the hacker, cracker, blackhat and whitehat community, and ends with examples of compromised Windows, Linux and Solaris systems—and the lessons learnt from them.

The final chapter focusses on the future of honeynets. Possible future trends include evolution of honeynets to detect advance threats which target systems of high value. They will be built on sensitive sites such as government and military sites. These systems will be deployed not only on external or perimeter networks but also on internal networks.

The book’s language is simple and its pace is such that it is hard to put the book down, technical jargon notwithstanding. However, Honeynet is just a step towards the escalation of the issue. The blackhat community will come up with counter-measures for detecting, deceiving and disabling the honeynets. The never-ending war between good and evil continues, and the result is the same as it has been for ages—inconclusive.

—Kumar Dawada