Book of the Month – VIRTUAL HONEYPOTS

Honeypots have been the best mechanism to trace the real security threats in the wild whether it may be hacker attacks, worms or botnets. In today’s world, where deploying and setting up physical honeypots are not only complex but also costly in terms of time and money, virtual honeypots helps in great extent by making it easier, cheaper and faster.

In this direction,   this book  ‘Virtual Honeypots – From Botnet Tracking to Intrusion Detection’ is a great technical resource not only to understand but also setup one’s own virtual honeypot within no time.

Here is the table of contents,

Chapter 1 Honeypot and Networking Background

Chapter 2 High-Interaction Honeypots

Chapter 3 Low-Interaction Honeypots

Chapter 4 Honeyd-The Basics

Chapter 5 Honeyd-Advanced Topics

Chapter 6 Collecting Malware with Honeypots

Chapter 7 Hybrid Systems

Chapter 8 Client Honeypots

Chapter 9 Detecting Honeypots

Chapter 10 Case Studies

Chapter 11 Tracking Botnets

Chapter 12 Analyzing Malware with CWSandbox

It starts with basics of honeypots which is useful for novice users to understand the concepts. Next 2 chapters explains differences between high & low interaction honeypots starting with advantages/disadvantages of each types, how to defend them from attackers etc.   It also explains in detail how to setup your own honeypot (any of the above types) using Vmware, Labrea, Google Hack Honeypot etc. Then it goes on describing Honeyd,  a popular virtual honeypot created by coauthor Niels Provos. It covers basics as well advanced configuration of Honeyd to simulate multiple operating systems, services, and network environments.

Most Antivirus vendors setup their own honeypots to collect viruses spreading in the wild.  This book has complete chapter on this topic which explains how one can capture malwares using honeypots such as Nepenthes, Honeytrap etc. Next it explains how to build ‘hybrid’ honeypots which can yield best of both low & high-interaction honeypot technologies. Chapter on client honeypots focus on how to effectively use honeypots at client side to detect and evade against any of the client side threats.

In chapter 9, author explains how attackers detect and escape from honeypots. It is very insightful read which greatly helps in securing and strengthening the honeypot to prevent and stand against the hackers. Next chapter on case studies is filled with real life examples demonstrating various honeypot scenarios.

Botnets are one of the most troublesome security threats which are hard to detect due to their clairvoyance nature and also there are not much tools to detect their presence. In this book, authors explain on how one can easily detect and track such botnets using virtual honeypot setup. Final chapter throws light on how to safely analyze malwares trapped by honeypots using CWSandbox.

The book is very well written which makes it very enjoyable read even though it is filled with great technical content.

In short, this books cuts off all those rating levels to emerge as one of the best written book on Honeypots and it is highly recommended to anyone who wants to know everything  about it.

ebook link:


Similar posts
  • Microsoft MCSE Certification: Your Ne... Microsoft MCSE is the most in-demand certification for all those professionals who work in the Information Technology industry. Most IT companies prefer hiring those workers who carry the Microsoft MCSE certificate. That is why most of the IT job applicants today try to get certified by Microsoft. In the competitive job market, MCSE helps an [...]
  • Computer Security Tips: Stay Safe Onl... In recent times cyber security has raised the level of awareness and public consciousness as never before. Both large corporations and big organizations try to take care of online security as much as they can. That’s why cyber criminals and hackers have focused more on smaller companies and single entrepreneurs. This awful tendency leads to [...]
  • SecurityXploded Mentorship Programme ... I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools [...]
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Announcement – SecurityXploded ... From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]

Leave a Reply