Author: Roger A. Grimes
Title: Honeypots for Windows
Publisher: Apress
ISBN: 9781430200079
Edition: 1
Price: CHF 36.30
Subject: Computer Science
Language: English
Pages: 424
Copy protection: Watermark/DRM
Devices: PC/MAC/eReader/Tablet
Format: PDF
* Talks about hardening a Windows host before deploying a honeypot

* Covers how to create your own emulated services to fool hackers

* Discusses the physical setup of a honeypot and the network necessary to draw hackers to it

* Discusses how to run Snort alongside a honeypot

* Discusses how to use a Unix-style honeypot to mimic a Windows host

* Discusses how to fine-tune a honeypot

* Discusses OS fingerprinting, ARP tricks, packet sniffing, and exploit signatures

Roger A. Grimes (CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CEH, TICSA, Security+, MCT) is a Windows security consultant, instructor, and author. This is Grimes' third book, and he has written over 150 articles for magazines such as Windows IT Pro, Microsoft Certified Professional, InfoWorld, Network Magazine, Windows & .NET, and Security Administrator. He is a contributing editor for Windows & .NET and InfoWorld magazines. Grimes has presented at Windows Connections, MCP TechMentors, and SANS. He was recognized as a 'Most Valuable Professional' (MVP) by Microsoft for Windows Server 2003 security. Grimes also writes frequently for Microsoft, including material for two courses on advanced Windows security and for TechNet. He has taught security to many of the world's largest and most respected organizations, including Microsoft, VeriSign, the U.S. Navy, various universities, and public school systems. Grimes spends his time surrounded by the maddening hum of twelve 1U servers in his home office, monitoring his personal honeypots.
Contents ... 6
About the Author ... 14
About the Technical Reviewers ... 15
Acknowledgments ... 16
Introduction ... 17
Part One: Honeypots in General ... 22
Chapter 1: An Introduction to Honeypots ... 23
    What Is a Honeypot? ... 23
    What Is a Honeynet? ... 25
    Why Use a Honeypot? ... 25
    Basic Honeypot Components ... 31
    Honeypot Types ... 33
    History of Honeypots ... 40
    Attack Models ... 46
    Risks of Using Honeypots ... 52
    Summary ... 54
Chapter 2: A Honeypot Deployment Plan ... 55
    Honeypot Deployment Steps ... 55
    Honeypot Design Tenets ... 56
    Attracting Hackers ... 57
    Defining Goals ... 57
    Honeypot System Network Devices ... 61
    Honeypot System Placement ... 74
    Summary ... 79
Part Two: Windows Honeypots ... 80
Chapter 3: Windows Honeypot Modeling ... 81
    What You Need to Know ... 81
    Common Ports and Services ... 83
    Computer Roles ... 86
    Services in More Detail ... 90
    Common Ports by Platform ... 101
    Common Windows Applications ... 104
    Putting It All Together ... 105
    Summary ... 106
Chapter 4: Windows Honeypot Deployment ... 107
    Decisions to Make ... 107
    Installation Guidance ... 114
    Hardening Microsoft Windows ... 118
    Summary ... 138
Chapter 5: Honeyd Installation ... 139
    What Is Honeyd? ... 139
    Why Use Honeyd? ... 140
    Honeyd Features ... 141
    Honeyd Installation ... 154
    Summary ... 167
Chapter 6: Honeyd Configuration ... 168
    Using Honeyd Command-Line Options ... 168
    Creating a Honeyd Runtime Batch File ... 169
    Setting Up Honeyd Configuration Files ... 171
    Testing Your Honeyd Configuration ... 182
    Summary ... 183
Chapter 7: Honeyd Service Scripts ... 184
    Honeyd Script Basics ... 184
    Default Honeyd Scripts ... 189
    Downloadable Scripts ... 195
    Custom Scripts ... 197
    Summary ... 205
Chapter 8: Other Windows-Based Honeypots ... 206
    Back Officer Friendly ... 206
    LaBrea ... 207
    SPECTER ... 209
    PatriotBox ... 229
    Jackpot SMTP Tarpit ... 231
    More Honeypots ... 236
    Summary ... 236
Part Three: Honeypot Operations ... 238
Chapter 9: Network Traffic Analysis ... 239
    Why Use a Sniffer and an IDS? ... 239
    Network Protocol Basics ... 243
    Network Protocol Capturing Basics ... 255
    Ethereal ... 256
    Snort ... 266
    Summary ... 284
Chapter 10: Honeypot Monitoring ... 285
    Taking Baselines ... 285
    Monitoring ... 292
    Logging ... 300
    Alerting ... 311
    Summary ... 316
Chapter 11: Honeypot Data Analysis ... 317
    Why Analyze? ... 317
    Honeypot Analysis Investigations ... 318
    A Structured Forensic Analysis Approach ... 320
    Forensic Analysis in Action ... 341
    Forensic Tool Web Sites ... 351
    Summary ... 352
Chapter 12: Malware Code Analysis ... 353
    An Overview of Code Disassembly ... 353
    Assembly Language ... 355
    Assembler and Disassembler Programs ... 365
    Malicious Programming Techniques ... 374
    Disassembly Environment ... 376
    Disassembly Practice ... 376
    Summary ... 377
Index ... 378