Book Review: Honeypots: Tracking Hackers
Knowing essentially nothing about honeypots and the honeynet project going into this book, I thought I was going to have some difficulty grasping the concepts. Even worse, I thought I was going to have to do some extra reading to understand the book. I was nothing short of completely incorrect.
Tracking Hackers by Lance Spitzner is fantastically written. The detailed definitions and descriptions make it a great book even for the honeypot novice to understand. It grabs your attention right from the very beginning, holds it to the end and leaves you wanting more.
| Field | Value |
|---|---|
| Title | Honeypots: Tracking Hackers |
| Publisher | Addison Wesley Professional |
| Edition | 1st edition (September 10, 2002) |
| Purchase | Barnes and Noble |
This book was written for beginning to intermediate users. It is worth noting that this book covers topics that should be understood by more than just the technical leads who implement the honeypots. It also discusses legal issues and considerations that management can use to determine whether a honeypot is a necessary entity in the corporation.
The book begins by speaking about the interests of the author and how his fascination with honeypots began and continues. The first story in the book is actually about Lance Spitzner's first honeypot experience. It starts the book out with a real attention grabber. Spitzner states and restates his dislike for the confusion regarding honeypots. He believes this led to the slow adoption in mainstream security. It becomes more and more apparent throughout the book that one of his motivations for writing this book was to attempt to clear up some of this confusion. He also integrates humorous anecdotes including the one about his first honeypot. This experience ended with his wife smiling at him and saying "I told you you should have pulled the plug." (8).
To ensure that you and he are on the same page, he devotes multiple chapters to establishing a solid definition of honeypots. This definition includes the history and evolution of honeypots into what they are today. He also details various ways to incorporate honeypots into your current network infrastructure and security architecture.
One of the most difficult things to do in any aspect of design is to know what questions to ask and what criteria to look for when finding an answer. Spitzner provides you with not only the questions, but also different answers for different solutions. Rarely are there two identical networks with identical sets of needs. So why should honeypot solutions be any different?
A solid portion of this book is dedicated to specific honeypot solutions. The following six honeypot solutions are discussed: Back Officer Friendly, Specter, HoneyD, Mantrap, Homemade Honeypots, and Honeynets. Within each of these chapters, which are sorted from least to most interaction necessary to support the honeypots, are questions which should be asked to decide if that particular honeypot is right for you. Each chapter also covers the amount of risk and the amount of data captured with regards to each individual honeypot. These solutions cover everything from a simple port listener to having an entire honeynet. The port listener is covered in an interesting chapter which talks about home grown honeypot solutions.
Since this book is aimed at many levels of users, Spitzner takes the next few chapters to talk about maintaining a honeypot and analyzing the data it captures. A very important point that he stresses is that a honeypot is not just a one-time setup that you throw out onto your network and wait for to be attacked. It must be constantly monitored and properly maintained, or as Spitzner says, "They require constant care and feeding." (309) The data must also be properly analyzed and interpreted; otherwise the reason for a honeypot is almost nullified.
Another interesting aspect of this book is the two case studies. They show how a honeypot can be applied to two separate types of networks with two completely different functions. He outlines the questions and their answers that led up to the placement of the honeypot on each network. He finishes this chapter with the big question, which leads right into the next and last chapter.
The last, and probably most important issue discussed in this book is the legal aspects of honeypots. Spitzner does a great job of dispelling the myths regarding honeypots and entrapment. To ensure credibility and accurate information, he gets feedback from a Department of Justice official. He also covers the legal issues that surround data capturing problems like wiretapping.
The most engrossing piece of this book was the enthusiasm that nearly jumped off the page to hold your attention. Spitzner's enthusiasm and humor make this book more than just a great reference; it is also a fun read.
The fact that so much time is dedicated to ensuring the reader has a solid understanding of honeypots is what makes this book a great read for beginning to intermediate users. One of the characteristics of this book that makes it such a great reference is that every chapter contains references to the information covered in that specific chapter.
Providing questions and answers for all levels of users is one of the most attractive features of this book. It allows those not yet taking advantage of the technology in their work environment to know whether or not it is something they want to be doing. If it is something that they want to do, then the questions to propose to management, along with the related legal issues, are all right at your fingertips (along with references).
After reading this book, I was so intrigued by the concept of honeypots that I decided to set up my own. Using his example of setting up a honeypot as a catch-all for any packet that does have an allowed route through the firewall, I am adjusting my home network accordingly.
Tracking Hackers is packed full of information in an easy to understand fashion. I recommend this book to anyone even remotely thinking about becoming interested in honeypots or honeynet technologies. It will be well worth the time.