Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Book: Honeypots for Windows

Friday, July 8, 2005

 Books  Personal  Security 

I received this book, Honeypots for Windows by Roger A. Grimes (published by Apress), a couple of months ago to review. I have read a chapter here and there, but finally got some time last weekend to really sit down with it and go through some of the examples and steps to set up a real honeypot on a Windows system.

Roger does a great job of describing what a honeypot is and how to build one with Windows systems, including networking essentials and the use of Virtual PC images. Most books and articles on honeypots talk about using Unix systems, so this is refreshing. If you don't know, a honeypot is a system that is either fully or mostly exposed to the internet to allow hackers/attackers to break into it. After this is done, you take the system down and determine what kinds of attacks were performed, as well as possible new exploits. In essence, honeypots are learning tools, and a very important "weapon". In order to successfully determine what was done to the system, you need external packet sniffing and IDS tools (Roger covers setting up Ethereal and Snort, respectively) as well as forensic analysis. For more general information, see The Honeynet Project for articles and forensic analysis teasers to hone your skills.

I highly recommend this very readable book. You will better understand one of the best network security tools in use today as well as how to lock down your own systems.
