Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive. Now, there’s a breakthrough solution. Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system-making them easier and cheaper to build, deploy, and maintain.

 

            In this hands-on, highly accessible book, two leading honeypot pioneers systematically introduce virtual honeypot technology. One step at a time, you’ll learn exactly how to implement, configure, use, and maintain virtual honeypots in your own environment, even if you’ve never deployed a honeypot before.

 

You’ll learn through examples, including Honeyd, the acclaimed virtual honeypot created by coauthor Niels Provos. The authors also present multiple real-world applications for virtual honeypots, including network decoy, worm detection, spam prevention, and network simulation.

 

After reading this book, you will be able to:

 

* Compare high-interaction honeypots that provide real systems and services and the low-interaction honeypots that emulate them
* Install and configure Honeyd to simulate multiple operating systems, services, and network environments
* Use virtual honeypots to capture worms, bots, and other malware
* Create high-performance "hybrid" honeypots that draw on technologies from both low- and high-interaction honeypots
* Implement client honeypots that actively seek out dangerous Internet locations
* Understand how attackers identify and circumvent honeypots
* Analyze the botnets your honeypot identifies, and the malware it captures
* Preview the future evolution of both virtual and physical honeypots

 

Издательство: Addison Wesley, 2007

Автор: Niels Provos; Thorsten Holz

Фомат: CHM