Honeypots have been the best mechanism to trace the real security threats in the wild whether it may be hacker attacks, worms or botnets. In today’s world, where deploying and setting up physical honeypots are not only complex but also costly in terms of time and money, virtual honeypots helps in great extent by making it easier, cheaper and faster.
In this direction, this book ‘Virtual Honeypots – From Botnet Tracking to Intrusion Detection’ is a great technical resource not only to understand but also setup one’s own virtual honeypot within no time.
Here is the table of contents,
Chapter 1 Honeypot and Networking Background
Chapter 2 High-Interaction Honeypots
Chapter 3 Low-Interaction Honeypots
Chapter 4 Honeyd-The Basics
Chapter 5 Honeyd-Advanced Topics
Chapter 6 Collecting Malware with Honeypots
Chapter 7 Hybrid Systems
Chapter 8 Client Honeypots
Chapter 9 Detecting Honeypots
Chapter 10 Case Studies
Chapter 11 Tracking Botnets
Chapter 12 Analyzing Malware with CWSandbox
It starts with basics of honeypots which is useful for novice users to understand the concepts. Next 2 chapters explains differences between high & low interaction honeypots starting with advantages/disadvantages of each types, how to defend them from attackers etc. It also explains in detail how to setup your own honeypot (any of the above types) using Vmware, Labrea, Google Hack Honeypot etc. Then it goes on describing Honeyd, a popular virtual honeypot created by coauthor Niels Provos. It covers basics as well advanced configuration of Honeyd to simulate multiple operating systems, services, and network environments.
Most Antivirus vendors setup their own honeypots to collect viruses spreading in the wild. This book has complete chapter on this topic which explains how one can capture malwares using honeypots such as Nepenthes, Honeytrap etc. Next it explains how to build ‘hybrid’ honeypots which can yield best of both low & high-interaction honeypot technologies. Chapter on client honeypots focus on how to effectively use honeypots at client side to detect and evade against any of the client side threats.
In chapter 9, author explains how attackers detect and escape from honeypots. It is very insightful read which greatly helps in securing and strengthening the honeypot to prevent and stand against the hackers. Next chapter on case studies is filled with real life examples demonstrating various honeypot scenarios.
Botnets are one of the most troublesome security threats which are hard to detect due to their clairvoyance nature and also there are not much tools to detect their presence. In this book, authors explain on how one can easily detect and track such botnets using virtual honeypot setup. Final chapter throws light on how to safely analyze malwares trapped by honeypots using CWSandbox.
The book is very well written which makes it very enjoyable read even though it is filled with great technical content.
In short, this books cuts off all those rating levels to emerge as one of the best written book on Honeypots and it is highly recommended to anyone who wants to know everything about it.
ebook link: http://rghost.net/2011196