|Know Your Enemy : Learning about Security Threats (2nd Edition)|
|author||The Honeynet Project|
|summary||Observe intruders without putting your data at risk by building a tempting honeynet.|
KYE was not written by a single author, rather by The Honeynet Project. They are a group of 30 individuals with complementary technical and legal skills. This diverse authorship creates a book with an abundance of valuable information.
The book details setting up a honeypot (a single host designed to gain the attention of network intruders) and a honeynet (a network designed to be penetrated to understand the motives of the attackers). If you can get an intruder to attack the bogus network, the double benefit is that 1) the attacker can do no damage to production data, while 2) his activities are being monitored, and with analysis can be understood.
The book's premise is that it is not simply enough to know you have enemies; you need to understanding what exactly it is they are doing, how they are doing it, the tools they are employing, and their objectives. Armed with such information, a company can ensure that they are best using their resources to defend and defeat their enemy.
This is the second edition of KYE and honeynets have changed significantly since the first edition came out. With that, the first five chapters of the book goes into what exactly a honeynet is, and then explains the differences between first and second-generation honeynets. The main difference between the editions is that the first edition focused more on honeypots, or individual hosts. The second edition expands that to networks meant to be broken into, namely honeynets.
The opening chapters also go into details about the specific value of honeynets. For those that entertain the idea that their honeynet is going to enable them to catch the next Kevin Mitnick, they will be clearly disappointed. The main benefit of honeypots and honeynets is information. Information is power, especially in computer security. For most hackers, their greatest fear is not necessarily getting caught, but rather having someone watch and gather information on them without their knowledge. And that is exactly what a honeynet attempts to do.
Chapter 8 (written by an attorney from the U.S. Dept. of Justice) concludes part one of the book with a look at the legal issues involved with honeynets. There are legal issues that one needs to take into consideration before rolling out a honeynet. Failing to take their legal issues to heart can change a honeynet from being an invaluable forensics tool into an expensive legal liability. Those in the corporate arena are well served to work with their legal counsel before deploying a honeynet.
Part 2 (chapters 9-15) goes into the important area of analysis. Collecting data, after all, is only the first part. Analyzing it and making sense of it all is the difference between an experienced detective and a Keystone Cop. The analogy is real in that a honeynet is a potential crime scene.
Data analysis and forensics are crucial in that it is the only way to interpret the various types of data involved. The key for those involved is turnout and extracting different types of data and turning that data into valuable information. Effective forensics enables digital investigators to know the difference between an innocuous attack and a malicious one.
While Part 2 is the most technical section of the book, Part 3 (chapters 16-21) attempts to explain the sociological reasons why whitehats and blackhats do what they do. Just as Clarice Starling in The Silence of the Lambs was able to profile Hannibal Lecter, knowing a profile of your adversary is crucial in containing the damage he can do. Identifying and understanding those attacking your system is just as important as the technical and analytical skills you will use in exposing them.
Know Your Enemy is a unique book in that it details how not to simply install and configure security devices, but how to use those devices to ensure a much greater level of security. It shows how you can take an offensive approach to computer security and to understand the mindset of the attacker. That is something not easily found in other books.
The CD-ROM that comes with the book includes 10 of the book's 21 chapters, a number of informative white papers, all of the open source tools that the authors use, and a video about honeynets.
Those who enjoyed Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Clifford Stoll will similarly find KYE entertaining and invaluable.
The companion web site for the book is honeynet.org/book. In and of itself, it is a great website, and complements a great book.
Overall, KYE is a most informative book on a fascinating subject. Unlike many computer security books, KYE is light on theory and screen dumps, but heavy on valuable and useful information on security hosts and networks from adversaries. If you are looking for a proactive way to secure your corporate network, Know Your Enemy is the perfect place to start.
You can purchase Know Your Enemy : Learning about Security Threats (2nd Edition) from bn.com. Slashdot welcomes readers' book reviews. To see your own review here, carefully read the book review guidelines, then visit the submission page.