Know Your Enemy: Learning About Security Threats, 2/e (Paperback)

Honeynet Project The

  • 出版商: Addison Wesley
  • 出版日期: 2004-05-17
  • 售價: $1,815
  • 貴賓價: 9.5$1,724
  • 語言: 英文
  • 頁數: 800
  • 裝訂: Paperback
  • ISBN: 0321166469
  • ISBN-13: 9780321166463
  • 相關分類: 資訊安全
  • 立即出貨 (庫存=1)

買這商品的人也買了...

相關主題

商品描述

Table of Contents:

Preface.


Foreword.

I. THE HONEYNET.

1. The Beginning.

The Honeynet Project.

The Honeynet Research Alliance.

Managing It All: Lessons We've Learned.

Summary.

2. Honeypots.

Definition of Honeypots.

Types of Honeypots.

Uses of Honeypots.

Summary.

3. Honeynets.

The Value of a Honeynet.

The Honeynet Architecture.

Risk.

Types of Honeynets.

Summary.

4. GenI Honeynets.

GenI Honeynet Architecture.

GenI Options for Data Control.

GenI Functionality for Data Capture.

A Complete GenI Honeynet Setup Example.

How It All Works Together: Example Attack Capture.

Summary.

5. GenII Honeynets.

GenII Honeynet Improvements.

GenII Honeynet Architecture.

GenII Data Control.

Data Capture.

GenII Honeynet Deployment.

Summary.

6. Virtual Honeynets.

What Is a Virtual Honeynet?

Self-Contained Virtual Honeynets.

Hybrid Virtual Honeynets.

Possible Implementation Solutions.

Summary.

7. Distributed Honeynets.

What Is a Distributed Honeynet?

Physical Distribution.

Honeypot Farms.

The Latency Problem.

Setting Up a Honeypot Farm.

Issues Common to All Distributed Honeynets.

Summary.

8. Legal Issues.

Monitoring Network Users.

Crime and the Honeynet.

Do No Harm: Liability to Others.

Summary.

II. THE ANALYSIS.

9. The Digital Crime Scene.

The Purpose and Value of Data Analysis.

Capturing Different Types of Data Within the Honeynet.

The Multiple Layers of Data Analysis and Their Value.

Summary.

10. Network Forensics.

Performing Network Forensics.

Network Traffic 101.

Capturing and Analyzing Network Traffic.

A Case Study from the Honeynet.

Analyzing Nonstandard Protocols.

Common Traffic Patterns for Forensic Analysts.

Passive Fingerprinting.

Summary.

11. Computer Forensics Basics.

Overview.

Analysis Environment.

Data Acquisition.

Summary.

12. UNIX Computer Forensics.

Linux Background.

Data Acquisition.

The Analysis.

Readiness Steps.

Summary.

13. Windows Computer Forensics.

Windows File Systems.

Data Acquisition.

Analysis of the System.

Analysis with Autopsy and the Sleuth Kit.

Summary.

14. Reverse Engineering.

Introduction.

Static Analysis.

Active Analysis.

A Walkthrough: The Honeynet Reverse Challenge.

Summary.

Further Reading.

15. Centralized Data Collection and Analysis.

Centralizing Data.

The Honeynet Security Console.

Summary.

III. THE ENEMY.

16. Profiling.

A Sociological Analysis of the Whitehat/Blackhat Community.

"A Bug's Life": The Birth, Life, and Death of an Exploit.

Intelligence-Based Information Security: Profiling and Much More.

Bringing It All Together.

Summary.

17. Attacks and Exploits: Lessons Learned.

Overview.

Types of Attacks.

Who Is Performing Attacks?

Common Steps to Exploiting a System.

Summary.

18. Windows 2000 Compromise and Analysis.

Honeypot Setup and Configuration.

Honeynet Setup and Configuration.

The Attack Log.

Threat Analysis/Profile.

Lessons Learned for Defense.

Lessons Learned About Attackers.

Summary.

19. Linux Compromise.

Honeynet Setup and Configuration.

Forensics Procedure.

The Days After.

Event Summary.

Summary.

20. Example of Solaris Compromise.

Honeynet Setup and Configuration.

The Events for Day 1.

Day 1 Summary of Events.

The Events for Day 3.

Day 3 Summary of Events.

Profiling of the Intruder.

Summary.

21. The Future.

Distributed Honeynets.

Advanced Threats.

Insider Threats.

Law Enforcement Applications.

Use and Acceptance.

Blackhat Response.

Summary.

Appendix A. IPTables Firewall Script.

Appendix B. Snort Configuration.

Appendix C. Swatch Configuration.

Appendix D. Network Configuration Summary.

Appendix E. Honeywall Kernel Configuration.

Appendix F. GenII rc.firewall Configuration.

Resources and References.

About the Authors.

Index

商品描述(中文翻譯)

目錄:


前言。


序言。


I. 蜜罐網絡。



1. 起源。



蜜罐計劃。



蜜罐研究聯盟。



管理一切:我們所學到的教訓。



摘要。



2. 蜜罐。



蜜罐的定義。



蜜罐的類型。



蜜罐的用途。



摘要。



3. 蜜罐網絡。



蜜罐的價值。



蜜罐網絡架構。



風險。



蜜罐網絡的類型。



摘要。



4. 第一代蜜罐網絡。



第一代蜜罐網絡架構。



第一代蜜罐網絡的數據控制選項。



第一代蜜罐網絡的數據捕獲功能。



完整的第一代蜜罐網絡設置示例。



它們如何共同運作:攻擊捕獲示例。



摘要。



5. 第二代蜜罐網絡。



第二代蜜罐網絡的改進。



第二代蜜罐網絡架構。



第二代蜜罐網絡的數據控制。



數據捕獲。



第二代蜜罐網絡的部署。



摘要。



6. 虛擬蜜罐網絡。



什麼是虛擬蜜罐網絡?



獨立的虛擬蜜罐網絡。



混合虛擬蜜罐網絡。



可能的實施解決方案。



摘要。



7. 分散式蜜罐網絡。



什麼是分散式蜜罐網絡?



物理分佈。



蜜罐農場。



延遲問題。



建立蜜罐農場。



所有分散式蜜罐網絡的共同問題。



摘要。



8. 法律問題。



監控網絡用戶。



犯罪和蜜罐。



不造成傷害:對他人的責任。



摘要。


II. 分析。



9. 數字犯罪現場。