August 20, 2007
New honeypot book
New honeypot book delivers
Virtual Honeypots: From Botnet Tracking to Intrusion Detection by Niels Provos and Thorsten Holz
As a long-time honeypot and honeyclient professional (and honeypot book author), I had high hopes for this book, and it delivers.
Niels and Thorsten provide a solid reference for beginners and more experienced honeypot users. It covers how to install and use (step-by-step) dozens of honeypot products. The list of what they cover is far too long to cover here, but let's say they cover 95% of what any honeypot enthusiast would want to read about.
My favorite subjects in the book are: User-mode Linux, Honeyd, Honeywall, honey clients, collecting malware with honeypots, tracking botnets, and analyzing malware.
The only downsides I could even come up with are that the book covers a lot of Unix/Linux-only products, just like the honeypot world, which might be a put-off for Windows-only readers, and that it didn't cover KFSensor, my favorite Windows honeypot product. Other than that, it is an excellent, excellent book, which I would recommend to any honeypot enthusiast.
In the end, what I really liked about this book is its coverage of a wide range of products, and its practical application to capturing and analyzing malware.
Posted by Roger Grimes on August 20, 2007 06:03 AM