Contents  6
About the Author  14
About the Technical Reviewers  15
Acknowledgments  16
Introduction  17

Part One  Honeypots in General  22

Chapter 1  An Introduction to Honeypots  23
  What Is a Honeypot?  23
  What Is a Honeynet?  25
  Why Use a Honeypot?  25
  Basic Honeypot Components  31
  Honeypot Types  33
  History of Honeypots  40
  Attack Models  46
  Risks of Using Honeypots  52
  Summary  54

Chapter 2  A Honeypot Deployment Plan  55
  Honeypot Deployment Steps  55
  Honeypot Design Tenets  56
  Attracting Hackers  57
  Defining Goals  57
  Honeypot System Network Devices  61
  Honeypot System Placement  74
  Summary  79

Part Two  Windows Honeypots  80

Chapter 3  Windows Honeypot Modeling  81
  What You Need to Know  81
  Common Ports and Services  83
  Computer Roles  86
  Services in More Detail  90
  Common Ports by Platform  101
  Common Windows Applications  104
  Putting It All Together  105
  Summary  106

Chapter 4  Windows Honeypot Deployment  107
  Decisions to Make  107
  Installation Guidance  114
  Hardening Microsoft Windows  118
  Summary  138

Chapter 5  Honeyd Installation  139
  What Is Honeyd?  139
  Why Use Honeyd?  140
  Honeyd Features  141
  Honeyd Installation  154
  Summary  167

Chapter 6  Honeyd Configuration  168
  Using Honeyd Command-Line Options  168
  Creating a Honeyd Runtime Batch File  169
  Setting Up Honeyd Configuration Files  171
  Testing Your Honeyd Configuration  182
  Summary  183

Chapter 7  Honeyd Service Scripts  184
  Honeyd Script Basics  184
  Default Honeyd Scripts  189
  Downloadable Scripts  195
  Custom Scripts  197
  Summary  205

Chapter 8  Other Windows-Based Honeypots  206
  Back Officer Friendly  206
  LaBrea  207
  SPECTER  209
  PatriotBox  229
  Jackpot SMTP Tarpit  231
  More Honeypots  236
  Summary  236

Part Three  Honeypot Operations  238

Chapter 9  Network Traffic Analysis  239
  Why Use a Sniffer and an IDS?  239
  Network Protocol Basics  243
  Network Protocol Capturing Basics  255
  Ethereal  256
  Snort  266
  Summary  284

Chapter 10  Honeypot Monitoring  285
  Taking Baselines  285
  Monitoring  292
  Logging  300
  Alerting  311
  Summary  316

Chapter 11  Honeypot Data Analysis  317
  Why Analyze?  317
  Honeypot Analysis Investigations  318
  A Structured Forensic Analysis Approach  320
  Forensic Analysis in Action  341
  Forensic Tool Web Sites  351
  Summary  352

Chapter 12  Malware Code Analysis  353
  An Overview of Code Disassembly  353
  Assembly Language  355
  Assembler and Disassembler Programs  365
  Malicious Programming Techniques  374
  Disassembly Environment  376
  Disassembly Practice  376
  Summary  377

Index  378