Posts Tagged ‘honeypots’
Hacker Security Honeypot Guide
Written by Carl E. Reid on April 9, 2009 – 5:07 am
“Honeypots: Tracking Hackers” is a solid primer on this very necessary technology, which becomes a powerful teaching tool. It starts with a basic explanation of honeypots and the different trapping roles they can play. The book moves on to deeper explorations of six kinds of real-world honeypot configurations, which include Back Officer Friendly, Specter, HoneyD, Mantrap, Homemade Honeypots and Honeynets.
What really makes this book thorough is a chapter focused on legal issues surrounding honeypot use. Three legal experts actually contributed to this section of the book. Crucial areas covered are entrapment, privacy and organizational liability. The book leaves no stone unturned by covering the Fourth Amendment, the Electronic Communications Privacy Act, the Wiretap Act, and the Pen Trap Statute. All these important areas are covered from the angle of how each relates to implementations of honeypots.
This book is definitely aimed at many levels of honeypot knowledge, from beginner to advanced technologists. With this book you will gain an understanding of honeypot concepts and architecture, as well as the skills to deploy the best honeypot solutions for your environment. You will arm yourself with the expertise needed to track attackers and learn about them on your own. In addition to technology staff, security professionals, researchers, law enforcement agents, and members of the intelligence and military communities will find this book indispensable.
Lance Spitzner spends quite a bit of time, across several chapters, covering honeypot maintenance and how to interpret the data being captured. Spitzner places a decent amount of emphasis on the point that honeypots are not one-time setups that you throw out onto your network while you wait for attackers to arrive. Honeypots require constant monitoring and must be properly maintained. Otherwise, a honeypot only provides a firm grip on an empty learning sack with no real education being accomplished. “Honeypots: Tracking Hackers” is a very timely and informative reference guide for all email administrators to keep within easy reach.
5 Lessons that Botnets teach Honeypots
Written by Carl E. Reid on February 19, 2009 – 12:36 am
One reason organizations implement honeypots is to identify malicious botnets. A honeypot, which is a fake network, is designed to attract and analyze botnet activity. In order for the honeypots to educate us with data, we need to develop a better understanding of how botnets achieve their missions. Let’s review potential activities performed by some of the various types of botnets.
1. Distributing Malware
Botnets are often used to quickly distribute new bots on open networks. For our botnet friends this is actually not very hard to accomplish, because bots can potentially implement scripts for downloading and executing any file via HTTP or FTP. This is exactly how email viruses are spread using a replicating botnet. In a very short period of time a self-replicating botnet can hook into 10,000 computer hosts. This sets up a staging platform for exponentially spreading a mail virus around the world.
15 Countries most affected by security honeypots
Written by Carl E. Reid on December 18, 2008 – 5:25 pm
The Swiss Security Blog (SSB) published results of research performed from honeypots implemented on their network. This is a small example of the benefits of honeypots, and it exposes the potential damage new Trojans accomplish every day. Security honeypots are closely monitored network decoys serving several purposes:
- distract adversaries from more valuable machines on a network
- act as an early warning system for new attack and exploitation trends
- allow in-depth examination of adversaries during and after the exploitation of a honeypot.


