Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Black

The Honeynet Project

  • 出版商: Addison Wesley
  • 出版日期: 2001-08-31
  • 定價: $1,200
  • 售價: 3.3$399
  • 語言: 英文
  • 頁數: 352
  • 裝訂: Paperback
  • ISBN: 0201746131
  • ISBN-13: 9780201746136
  • 相關分類: 資訊安全
  • 立即出貨(限量)

買這商品的人也買了...

相關主題

商品描述

For centuries, military organizations have relied on scouts to gather intelligence about the enemy. The scouts' mission was to find out who the enemy was, what they were doing, how they might attack, the weapons they use, and their ultimate objectives. Time and again this kind of data has proven critical in defending against, and defeating, the enemy.

In the field of information security, scouts have never existed. Very few organizations today know who their enemy is or how they might attack; when they might attack; what the enemy does once they compromise a system; and, perhaps most important, why they attack.

The Honeynet Project is changing this. A research organization of thirty security professionals, the group is dedicated to learning the tools, tactics, and motives of the blackhat community. As with military scouts, the mission is to gather valuable information about the enemy.

The primary weapon of the Honeynet Project is the Honeynet, a unique solution designed to capture and study the blackhat's every move. In this book you will learn in detail not only what the Honeynet Project has discovered about adversaries, but also how Honeynets are used to gather critical information.

Know Your Enemy includes extensive information about

  • The Honeynet: A description of a Honeynet; information on how to plan, build, and maintain one; and coverage of risks and other related issues.
  • The Analysis: Step-by-step instructions on how to capture and analyze data from a Honeynet.
  • The Enemy: A presentation of what the project learned about the blackhat community, including documented compromised systems.

Aimed at both security professionals and those with a nontechnical background, this book teaches the technical skills needed to study a blackhat attack and learn from it. The CD includes examples of network traces, code, system binaries, and logs used by intruders from the blackhat community, collected and used by the Honeynet Project.

Table of Contents

Preface.
Foreword.
1. The Battleground.

I: THE HONEYNET.

2. What a Honeynet Is.

Honeypots.
Honeynets.
Value of a Honeynet.
The Honeypots in the Honeynet.

Summary.


3. How a Honeynet Works.

Data Control.
Data Capture.
Access Control Layer.
Network Layer.
System Layer.
Off-Line Layer.

Social Engineering.
Risk.
Summary.


4. Building a Honeynet.

Overall Architecture.
Data Control.
Data Capture.
Maintaining a Honeynet and Reacting to Attacks.
Summary.

II: THE ANALYSIS.


5. Data Analysis.

Firewall Logs.
IDS Analysis.
System Logs.
Summary.


6. Analyzing a Compromised System.

The Attack.
The Probe.
The Exploit.
Gaining Access.
The Return.
Analysis Review.
Summary.


7. Advanced Data Analysis.

Passive Fingerprinting.
The Signatures.
The ICMP Example.

Forensics.
Summary.


8. Forensic Challenge.

Images.
The Coroner's Toolkit.
MAC Times.
Deleted Inodes.
Data Recovery.
Summary.

III: THE ENEMY.


9. The Enemy.

The Threat.
The Tactics.
The Tools.
The Motives.
Changing Trends.
Summary.


10. Worms at War.

The Setup.
The First Worm.
The Second Worm.
The Day After.
Summary.


11. In Their Own Words.

The Compromise.
Reading the IRC Chat Sessions.
Day 1, June 4.
Day 2, June 5.
Day 3, June 6.
Day 4, June 7.
Day 5, June 8.
Day 6, June 9.
Day 7, June 10.

Analyzing the IRC Chat Sessions.
Profiling Review.
Psychological Review.

Summary.


12. The Future of the Honeynet.

Future Developments.
Conclusion.


Appendix A. Snort Configuration.

Snort Start-Up Script.
Snort Configuration File, snort.conf..


Appendix B. Swatch Configuration File.
Appendix C. Named NXT HOWTO.
Appendix D. NetBIOS Scans.
Appendix E. Source Code for bj.c.
Appendix F. TCP Passive Fingerprint Database.
Appendix G. ICMP Passive Fingerprint Database.
Appendix H. Honeynet Project Members.

商品描述(中文翻譯)

多個世紀以來,軍事組織一直依賴斥候收集有關敵人的情報。斥候的任務是找出敵人是誰,他們在做什麼,他們可能如何進攻,他們使用的武器,以及他們的最終目標。這種數據一次又一次地被證明在防禦和擊敗敵人方面至關重要。

在信息安全領域,從未存在過斥候。今天很少有組織知道誰是他們的敵人,他們可能如何進攻,何時進攻,敵人一旦入侵系統後會做什麼,以及也許最重要的是,為什麼他們進攻。

Honeynet計劃正在改變這一點。這個由30名安全專業人員組成的研究組織致力於了解黑帽社區的工具、戰術和動機。與軍事斥候一樣,任務是收集有關敵人的有價值信息。

Honeynet計劃的主要武器是Honeynet,這是一個獨特的解決方案,旨在捕獲並研究黑帽的每一個動作。在這本書中,您將詳細了解Honeynet計劃發現的有關對手的信息,以及如何使用Honeynet收集關鍵信息。

《了解你的敵人》包含廣泛的信息,包括:

- Honeynet:關於Honeynet的描述;如何計劃、構建和維護一個Honeynet;以及風險和其他相關問題的涵蓋範圍。
- 分析:關於如何從Honeynet中捕獲和分析數據的逐步指南。
- 敵人:介紹了該計劃對黑帽社區的了解,包括記錄的受攻擊系統。

本書旨在面向安全專業人員和非技術背景的讀者,教授研究黑帽攻擊並從中學習所需的技術技能。附帶的CD包含黑帽社區的入侵者使用的網絡跟踪、代碼、系統二進制文件和日誌的示例,這些示例由Honeynet計劃收集和使用。

目錄:

前言
序言
第1章:戰場

第I部分:Honeynet
第2章:Honeynet是什麼
第3章:Honeynet的工作原理
第4章:構建Honeynet

第II部分:分析
第5章:數據分析
第6章:分析受攻擊系統
第7章:高級數據分析
第8章:法醫挑戰

第III部分:敵人
第9章:敵人