Grimes | Honeypots for Windows | E-Book | www.sack.de
E-book, English, 424 pages

Grimes Honeypots for Windows


1st ed.
ISBN: 978-1-4302-0007-9
Publisher: Apress
Format: PDF
Copy protection: 1 - PDF Watermark




* Talks about hardening a Windows host before deploying Honeypot
* Covers how to create your own emulated services to fool hackers
* Discusses physical setup of Honeypot and network necessary to draw hackers to Honeypot
* Discusses how to use Snort to co-exist with Honeypot
* Discusses how to use a Unix-style Honeypot to mimic a Windows host
* Discusses how to fine-tune a Honeypot
* Discusses OS fingerprinting, ARP tricks, packet sniffing, and exploit signatures

Roger A. Grimes (CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CEH, TICSA, Security+, MCT) is a Windows security consultant, instructor, and author. This is Grimes' third book, and he has written over 150 articles for magazines like Windows IT Pro, Microsoft Certified Professional, InfoWorld, Network Magazine, Windows & .NET, and Security Administrator. He is a contributing editor for Windows & .NET and InfoWorld magazines. Grimes has presented at Windows Connections, MCP TechMentors, and SANS. He was recognized as 'Most Valuable Professional' (MVP) by Microsoft for Windows Server 2003 security. Grimes also writes frequently for Microsoft, including material for two courses on advanced Windows security and TechNet. He has taught security to many of the world's largest and most respected organizations, including Microsoft, VeriSign, the U.S. Navy, various universities, and public school systems. Grimes spends his time surrounded by the maddening hum of twelve 1U servers in his home office, monitoring his personal honeypots.



Further Information & Material


1 Contents
2 About the Author
3 About the Technical Reviewers
4 Acknowledgments
5 Introduction
6 Part One Honeypots in General
6.1 Chapter 1 An Introduction to Honeypots
6.1.1 What Is a Honeypot?
6.1.2 What Is a Honeynet?
6.1.3 Why Use a Honeypot?
6.1.4 Basic Honeypot Components
6.1.5 Honeypot Types
6.1.6 History of Honeypots
6.1.7 Attack Models
6.1.8 Risks of Using Honeypots
6.1.9 Summary
6.2 Chapter 2 A Honeypot Deployment Plan
6.2.1 Honeypot Deployment Steps
6.2.2 Honeypot Design Tenets
6.2.3 Attracting Hackers
6.2.4 Defining Goals
6.2.5 Honeypot System Network Devices
6.2.6 Honeypot System Placement
6.2.7 Summary
7 Part Two Windows Honeypots
7.1 Chapter 3 Windows Honeypot Modeling
7.1.1 What You Need to Know
7.1.2 Common Ports and Services
7.1.3 Computer Roles
7.1.4 Services in More Detail
7.1.5 Common Ports by Platform
7.1.6 Common Windows Applications
7.1.7 Putting It All Together
7.1.8 Summary
7.2 Chapter 4 Windows Honeypot Deployment
7.2.1 Decisions to Make
7.2.2 Installation Guidance
7.2.3 Hardening Microsoft Windows
7.2.4 Summary
7.3 Chapter 5 Honeyd Installation
7.3.1 What Is Honeyd?
7.3.2 Why Use Honeyd?
7.3.3 Honeyd Features
7.3.4 Honeyd Installation
7.3.5 Summary
7.4 Chapter 6 Honeyd Configuration
7.4.1 Using Honeyd Command-Line Options
7.4.2 Creating a Honeyd Runtime Batch File
7.4.3 Setting Up Honeyd Configuration Files
7.4.4 Testing Your Honeyd Configuration
7.4.5 Summary
7.5 Chapter 7 Honeyd Service Scripts
7.5.1 Honeyd Script Basics
7.5.2 Default Honeyd Scripts
7.5.3 Downloadable Scripts
7.5.4 Custom Scripts
7.5.5 Summary
7.6 Chapter 8 Other Windows-Based Honeypots
7.6.1 Back Officer Friendly
7.6.2 LaBrea
7.6.3 SPECTER
7.6.4 PatriotBox
7.6.5 Jackpot SMTP Tarpit
7.6.6 More Honeypots
7.6.7 Summary
8 Part Three Honeypot Operations
8.1 Chapter 9 Network Traffic Analysis
8.1.1 Why Use a Sniffer and an IDS?
8.1.2 Network Protocol Basics
8.1.3 Network Protocol Capturing Basics
8.1.4 Ethereal
8.1.5 Snort
8.1.6 Summary
8.2 Chapter 10 Honeypot Monitoring
8.2.1 Taking Baselines
8.2.2 Monitoring
8.2.3 Logging
8.2.4 Alerting
8.2.5 Summary
8.3 Chapter 11 Honeypot Data Analysis
8.3.1 Why Analyze?
8.3.2 Honeypot Analysis Investigations
8.3.3 A Structured Forensic Analysis Approach
8.3.4 Forensic Analysis in Action
8.3.5 Forensic Tool Web Sites
8.3.6 Summary
8.4 Chapter 12 Malware Code Analysis
8.4.1 An Overview of Code Disassembly
8.4.2 Assembly Language
8.4.3 Assembler and Disassembler Programs
8.4.4 Malicious Programming Techniques
8.4.5 Disassembly Environment
8.4.6 Disassembly Practice
8.4.7 Summary
9 Index


