
Honeypots for Windows, 1st ed. [Paperback]

2.40/5 (10 ratings by Goodreads)
  • Format: Paperback / softback, 424 pages, height x width: 235x178 mm, weight: 796 g
  • Publication date: 16-Feb-2005
  • Publisher: Apress
  • ISBN-10: 1590593359
  • ISBN-13: 9781590593356
Installing a honeypot inside your network as an early warning system can significantly improve your security. Currently, almost every book and resource about honeypots comes from a Unix background, which leaves Windows administrators still grasping for help. Honeypots for Windows is a forensic journey, helping you set up the physical layer, design your honeypot, and perform malware code analysis.

You'll discover which Windows ports need to be open on your honeypot to fool malicious hackers, and you'll learn about numerous open source tools imported from the Unix world. Install a honeypot on your DMZ or at home and watch the exploits roll in! Your honeypot will capture waves of automated exploits, and you'll learn how to defend the computer assets under your control.
Contents (starting page, followed by the number of pages in the section)

About the Author  xv
About the Technical Reviewers  xvii
Acknowledgments  xix
Introduction  xxi

PART 1  Honeypots in General

An Introduction to Honeypots  3 (32)
    What Is a Honeypot?  3 (2)
    What Is a Honeynet?  5 (1)
    Why Use a Honeypot?  5 (6)
        Low False-Positives  5 (2)
        Early Detection  7 (1)
        New Threat Detection  7 (1)
        Know Your Enemy  8 (1)
        Defense in Depth  8 (1)
        Hacking Prevention  8 (2)
        Internet Simulation Environment  10 (1)
    Basic Honeypot Components  11 (2)
    Honeypot Types  13 (7)
        Honeypot Layers  13 (1)
        Honeypot Interaction Levels  14 (1)
        Real Operating System Honeypot  15 (1)
        Virtual Honeypots  16 (4)
        Summary of Honeypot Types  20 (1)
    History of Honeypots  20 (6)
        GenI Honeypots  21 (3)
        The GenII Model  24 (2)
        Future Generations  26 (1)
    Attack Models  26 (6)
        Manual Attacks  26 (4)
        Automated Attack Programs  30 (1)
        Blended Attacks  31 (1)
        Summary of Attack Models  32 (1)
    Risks of Using Honeypots  32 (2)
    Summary  34 (1)

A Honeypot Deployment Plan  35 (28)
    Honeypot Deployment Steps  35 (1)
    Honeypot Design Tenets  36 (1)
    Attracting Hackers  37 (1)
    Defining Goals  37 (4)
        Production or Research?  37 (2)
        Real or Virtual?  39 (1)
        Hardening a Virtual Honeypot Host  40 (1)
    Honeypot System Network Devices  41 (13)
        Hub  41 (5)
        Bridge  46 (1)
        Switch  46 (1)
        Router  47 (4)
        Firewall  51 (1)
        Honeywall  51 (1)
        Honeypot Network Devices Summary  52 (2)
    Honeypot System Placement  54 (5)
        External Placement  55 (1)
        Internal Placement  56 (1)
        DMZ Placement  57 (1)
        Honeypot Placement Summary  58 (1)
    Summary  59 (4)

PART 2  Windows Honeypots

Windows Honeypot Modeling  63 (26)
    What You Need to Know  63 (2)
    Common Ports and Services  65 (3)
    Computer Roles  68 (4)
        Generic Windows Server  68 (1)
        IIS Server  69 (1)
        Windows 2000 Domain Controller  69 (1)
        Windows Workstation  70 (1)
        SQL Server  70 (1)
        Exchange Server  71 (1)
    Services in More Detail  72 (11)
        RPC  72 (1)
        NetBIOS  73 (5)
        RDP  78 (1)
        Simple TCP/IP Services  78 (1)
        FTP  79 (1)
        Telnet Server  80 (1)
        IIS  80 (3)
        Exchange Server  83 (1)
    Common Ports by Platform  83 (3)
    Common Windows Applications  86 (1)
    Putting It All Together  87 (1)
    Summary  88 (1)

Windows Honeypot Deployment  89 (32)
    Decisions to Make  89 (7)
        Do You Really Need a High-Interaction Honeypot?  90 (1)
        Real Operating System or Virtual Machine?  90 (1)
        Which Microsoft Operating System to Choose?  90 (3)
        Client or Server?  93 (1)
        Patched or Unpatched?  93 (1)
        What Support Tools Are Available?  93 (1)
        Which Services and Applications to Install?  94 (1)
        SAM or Active Directory?  94 (1)
        Hacker's Choice?  94 (1)
        What Hardware Is Required?  95 (1)
    Installation Guidance  96 (4)
        Installation Steps  97 (2)
        Honeypot Installation Tips  99 (1)
    Hardening Microsoft Windows  100 (20)
        Physically Securing the Honeypot  100 (1)
        Installing Necessary Patches  101 (2)
        Rejecting Defaults  103 (1)
        Hardening the TCP/IP Stack  104 (1)
        Removing or Securing Network Shares  104 (1)
        Filtering Network Traffic  105 (1)
        Restricting Unauthorized Software Execution  106 (11)
        Protecting User Accounts  117 (1)
        Securing Authentication Protocols  118 (1)
        Automating Security  119 (1)
    Summary  120 (1)

Honeyd Installation  121 (30)
    What Is Honeyd?  121 (1)
    Why Use Honeyd?  122 (1)
    Honeyd Features  123 (13)
        IP Stack Emulation  123 (8)
        TCP/IP Port Emulation  131 (3)
        Honeyd Logging  134 (2)
    Honeyd Installation  136 (13)
        Deciding Logistics  137 (2)
        Hardening the Host  139 (1)
        Installing WinPcap  140 (2)
        Installing Cygwin  142 (3)
        Installing Honeyd  145 (1)
        Downloading Scripts  146 (1)
        Installing Snort  146 (1)
        Installing Ethereal  147 (1)
        Reviewing the Honeyd Directory Structure  148 (1)
    Summary  149 (2)

Honeyd Configuration  151 (16)
    Using Honeyd Command-Line Options  151 (1)
    Creating a Honeyd Runtime Batch File  152 (2)
    Setting Up Honeyd Configuration Files  154 (11)
        Configuring Honeyd Templates  154 (7)
        Assembling Templates in a Honeyd Configuration File  161 (4)
    Testing Your Honeyd Configuration  165 (1)
    Summary  166 (1)

Honeyd Service Scripts  167 (22)
    Honeyd Script Basics  167 (5)
        Common Script Languages  168 (2)
        Script Input/Output Routines  170 (1)
        Honeyd Variables  171 (1)
        Honeyd Configuration File Syntax  171 (1)
    Default Honeyd Scripts  172 (6)
        SSH Test Script  172 (1)
        Cisco Telnet Session Script  173 (3)
        IIS Web Emulation  176 (2)
    Downloadable Scripts  178 (2)
    Custom Scripts  180 (8)
        A Worm Catcher Script  180 (1)
        An Offensive Response Script  181 (2)
        Microsoft FTP Server  183 (5)
    Summary  188 (1)

Other Windows-Based Honeypots  189 (34)
    Back Officer Friendly  189 (1)
    LaBrea  190 (2)
        Installing and Running LaBrea  191 (1)
        Using LaBrea  191 (1)
    Specter  192 (4)
        Setting Up SPECTER  193 (1)
        Logging and Alerting with SPECTER  194 (2)
    KFSensor  196 (16)
        Installing and Running KFSensor  197 (1)
        Emulating Services with KFSensor  198 (10)
        Logging and Alerting with KFSensor  208 (2)
        Configuring KFSensor Listeners and Anti-DoS Settings  210 (2)
    PatriotBox  212 (2)
        Emulating Services with PatriotBox  212 (2)
        Creating Custom PatriotBox Port Listeners  214 (1)
        Logging and Alerting with PatriotBox  214 (1)
    Jackpot SMTP Tarpit  214 (5)
        Installing Jackpot  216 (1)
        Configuring Jackpot  216 (2)
        Running Jackpot  218 (1)
    More Honeypots  219 (1)
    Summary  219 (4)

PART 3  Honeypot Operations

Network Traffic Analysis  223 (46)
    Why Use a Sniffer and an IDS?  223 (4)
        Sniffer Benefits  223 (2)
        IDS Benefits  225 (1)
        How a Sniffer and IDS Complement Each Other  226 (1)
        Where to Place the Sniffer and IDS  226 (1)
    Network Protocol Basics  227 (12)
        The OSI Model  227 (3)
        TCP/IP Suite Basics  230 (7)
        Windows Protocols  237 (2)
    Network Protocol Capturing Basics  239 (1)
    Ethereal  240 (10)
        Viewing Packet Information  241 (3)
        Using Ethereal Features  244 (5)
        Using Tcpdump or WinDump with Ethereal  249 (1)
        Using Built-in Ethereal Command-Line Tools  249 (1)
    Snort  250 (18)
        Understanding How Snort Works  250 (2)
        Installing Snort  252 (1)
        Configuring Snort  252 (16)
        Using Snort Click-and-Point  268 (1)
    Summary  268 (1)

Honeypot Monitoring  269 (32)
    Taking Baselines  269 (7)
        Host Baselines  272 (3)
        Network Baselines  275 (1)
    Monitoring  276 (8)
        In-Band vs. Out-of-Band Monitoring  276 (1)
        Monitoring Programs  277 (7)
        Protection for Monitoring Communications  284 (1)
    Logging  284 (11)
        Time Synchronization  285 (1)
        Logging of Security Events  285 (2)
        Centralized Data Collection  287 (3)
        Log File Formats  290 (1)
        Data Filtering  291 (2)
        Data Correlation  293 (1)
        A Honeynet Security Console  294 (1)
        Useful Information Extraction  294 (1)
        Log Protection  295 (1)
    Alerting  295 (5)
        Alert Considerations  295 (1)
        Alerting Programs  296 (4)
    Summary  300 (1)

Honeypot Data Analysis  301 (36)
    Why Analyze?  301 (1)
    Honeypot Analysis Investigations  302 (2)
        Automated vs. Manual  302 (1)
        Initial Compromise  303 (1)
        After the Initial Compromise  303 (1)
    A Structured Forensic Analysis Approach  304 (21)
        Taking the Honeypot Offline  305 (1)
        Recovering RAM Data  305 (1)
        Making Copies of the Hard Drive  306 (3)
        Analyzing Network Traffic  309 (2)
        Analyzing the File System  311 (6)
        Analyzing Malicious Code  317 (1)
        Analyzing the Operating System  318 (1)
        Analyzing Logs  319 (5)
        Drawing Conclusions  324 (1)
        Modifying and Redeploying the Honeypot System  324 (1)
    Forensic Analysis in Action  325 (10)
        A KFSensor Honeypot  325 (7)
        The WhiteDoe Real Honeypot  332 (3)
        Forensic Tool Web Sites  335 (1)
    Summary  336 (1)

Malware Code Analysis  337 (26)
    An Overview of Code Disassembly  337 (2)
    Assembly Language  339 (10)
        Programming Interfaces  340 (5)
        Assembly Language Instructions on Computer Platforms  345 (4)
    Assembler and Disassembler Programs  349 (9)
        Assemblers  350 (3)
        Disassemblers  353 (4)
        Text Editors  357 (1)
    Malicious Programming Techniques  358 (2)
        Stealth Mechanisms  358 (1)
        Encryption  358 (1)
        Packing  358 (1)
        Debugger Tricks  359 (1)
    Disassembly Environment  360 (1)
    Disassembly Practice  360 (1)
    Summary  361 (2)

Index  363
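The description promises to show which Windows ports a honeypot should expose, and the contents list Honeyd template configuration as the mechanism for doing it on a low-interaction honeypot. The fragment below is an added example of that idea, written for this page; it is not taken from the book and is not Honeyd's own sample configuration. It assumes a Honeyd install with the stock nmap.prints personality file (the two personality strings must match entries in that file and may need adjusting to the names your version ships), an IIS emulation script at the path shown (assumed), and two free addresses on a private subnet (constructed values). One template plays a generic Windows 2000 server role (RPC, NetBIOS, SMB, IIS and RDP listening), the other a Windows XP workstation that only offers file sharing; everything not listed is answered with a RST so that a port scan sees a plausible profile rather than an all-open decoy.

```conf
# Added example: two Windows role templates for Honeyd (not from the book).
# Personality strings are assumed to match nmap.prints and may need editing.

# Generic Windows 2000 server role
create win2k_server
set win2k_server personality "Microsoft Windows 2000 SP4"
set win2k_server default tcp action reset
set win2k_server default udp action reset
set win2k_server default icmp action open
add win2k_server tcp port 135 open          # RPC endpoint mapper
add win2k_server tcp port 139 open          # NetBIOS session
add win2k_server tcp port 445 open          # SMB over TCP
add win2k_server udp port 137 open          # NetBIOS name service
add win2k_server udp port 138 open          # NetBIOS datagram
add win2k_server tcp port 3389 open         # RDP
# Assumed path to an IIS banner/request emulation script
add win2k_server tcp port 80 "perl scripts/iisemul8.pl"

# Windows XP workstation role: file sharing only, no RDP, no web server
create winxp_client
set winxp_client personality "Microsoft Windows XP SP2"
set winxp_client default tcp action reset
set winxp_client default udp action reset
set winxp_client default icmp action open
add winxp_client tcp port 139 open
add winxp_client tcp port 445 open
add winxp_client udp port 137 open

# Bind each role to an unused address on the honeypot subnet (constructed values)
bind 192.168.1.10 win2k_server
bind 192.168.1.20 winxp_client
```

Honeyd only answers for addresses it is told to claim, so start it with the configuration file and the bound addresses (for example `honeyd -d -f honeyd.conf 192.168.1.10 192.168.1.20`, with `-i` to pick the capture interface and `-l` to name a packet log), then verify from another host that a scan of .10 shows the server profile and a scan of .20 shows only the SMB/NetBIOS ports. The distinction between the two roles matters: a "workstation" that also advertises RDP and IIS is a tell that experienced attackers and some scanners will notice.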


Roger A. Grimes (CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CEH, TICSA, Security+, MCT) is a Windows security consultant, instructor, and author. This is Grimes' third book, and he has written over 150 articles for magazines such as Windows IT Pro, Microsoft Certified Professional, InfoWorld, Network Magazine, Windows & .NET, and Security Administrator. He is a contributing editor for Windows & .NET and InfoWorld magazines. Grimes has presented at Windows Connections, MCP TechMentors, and SANS. He was recognized as a "Most Valuable Professional" (MVP) by Microsoft for Windows Server 2003 security. Grimes also writes frequently for Microsoft, including material for two courses on advanced Windows security and TechNet. He has taught security to many of the world's largest and most respected organizations, including Microsoft, VeriSign, the U.S. Navy, various universities, and public school systems. Grimes spends his time surrounded by the maddening hum of twelve 1U servers in his home office, monitoring his personal honeypots.