Know Your Enemy: Learning About Security Threats, 2/e (Paperback)

購買商店

---

Know Your Enemy: Learning About Security Threats, 2/e (Paperback)

$1,815.00

馬上購買

---

內容描述

---

Table of Contents:
Preface. Foreword.
I. THE HONEYNET.

1. The Beginning.

The Honeynet Project.

The Honeynet Research Alliance.

Managing It All: Lessons We've Learned.

Summary.

1. Honeypots.

Definition of Honeypots.

Types of Honeypots.

Uses of Honeypots.

Summary.

1. Honeynets.

The Value of a Honeynet.

The Honeynet Architecture.

Risk.

Types of Honeynets.

Summary.

1. GenI Honeynets.

GenI Honeynet Architecture.

GenI Options for Data Control.

GenI Functionality for Data Capture.

A Complete GenI Honeynet Setup Example.

How It All Works Together: Example Attack
Capture.

Summary.

1. GenII Honeynets.

GenII Honeynet Improvements.

GenII Honeynet Architecture.

GenII Data Control.

Data Capture.

GenII Honeynet Deployment.

Summary.

1. Virtual Honeynets.

What Is a Virtual Honeynet?

Self-Contained Virtual Honeynets.

Hybrid Virtual Honeynets.

Possible Implementation Solutions.

Summary.

1. Distributed Honeynets.

What Is a Distributed Honeynet?

Physical Distribution.

Honeypot Farms.

The Latency Problem.

Setting Up a Honeypot Farm.

Issues Common to All Distributed
Honeynets.

Summary.

1. Legal Issues.

Monitoring Network Users.

Crime and the Honeynet.

Do No Harm: Liability to Others.

Summary.

II. THE ANALYSIS.

1. The Digital Crime Scene.

The Purpose and Value of Data Analysis.

Capturing Different Types of Data Within the
Honeynet.

The Multiple Layers of Data Analysis and Their
Value.

Summary.

1. Network Forensics.

Performing Network Forensics.

Network Traffic 101.

Capturing and Analyzing Network Traffic.

A Case Study from the Honeynet.

Analyzing Nonstandard Protocols.

Common Traffic Patterns for Forensic
Analysts.

Passive Fingerprinting.

Summary.

1. Computer Forensics Basics.

Overview.

Analysis Environment.

Data Acquisition.

Summary.

1. UNIX Computer Forensics.

Linux Background.

Data Acquisition.

The Analysis.

Readiness Steps.

Summary.

1. Windows Computer Forensics.

Windows File Systems.

Data Acquisition.

Analysis of the System.

Analysis with Autopsy and the Sleuth Kit.

Summary.

1. Reverse Engineering.

Introduction.

Static Analysis.

Active Analysis.

A Walkthrough: The Honeynet Reverse
Challenge.

Summary.

Further Reading.

1. Centralized Data Collection and
   Analysis.

Centralizing Data.

The Honeynet Security Console.

Summary.

III. THE ENEMY.

1. Profiling.

A Sociological Analysis of the Whitehat/Blackhat
Community.

"A Bug's Life": The Birth, Life, and Death of an
Exploit.

Intelligence-Based Information Security:
Profiling and Much More.

Bringing It All Together.

Summary.

1. Attacks and Exploits: Lessons
   Learned.

Overview.

Types of Attacks.

Who Is Performing Attacks?

Common Steps to Exploiting a System.

Summary.

1. Windows 2000 Compromise and Analysis.

Honeypot Setup and Configuration.

Honeynet Setup and Configuration.

The Attack Log.

Threat Analysis/Profile.

Lessons Learned for Defense.

Lessons Learned About Attackers.

Summary.

1. Linux Compromise.

Honeynet Setup and Configuration.

Forensics Procedure.

The Days After.

Event Summary.

Summary.

1. Example of Solaris Compromise.

Honeynet Setup and Configuration.

The Events for Day 1.

Day 1 Summary of Events.

The Events for Day 3.

Day 3 Summary of Events.

Profiling of the Intruder.

Summary.

1. The Future.

Distributed Honeynets.

Advanced Threats.

Insider Threats.

Law Enforcement Applications.

Use and Acceptance.

Blackhat Response.

Summary.

Appendix A. IPTables Firewall Script.

Appendix B. Snort Configuration.

Appendix C. Swatch Configuration.

Appendix D. Network Configuration
Summary.
Appendix E. Honeywall Kernel
Configuration.
Appendix F. GenII rc.firewall
Configuration.
Resources and References.
About the Authors.
Index

---