Virtual Honeypots: From Botnet Tracking to Intrusion Detection

Front Cover
Pearson Education, Jul 16, 2007 - Computers - 480 pages

Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive. Now, there’s a breakthrough solution. Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system-making them easier and cheaper to build, deploy, and maintain.

In this hands-on, highly accessible book, two leading honeypot pioneers systematically introduce virtual honeypot technology. One step at a time, you’ll learn exactly how to implement, configure, use, and maintain virtual honeypots in your own environment, even if you’ve never deployed a honeypot before.

You’ll learn through examples, including Honeyd, the acclaimed virtual honeypot created by coauthor Niels Provos. The authors also present multiple real-world applications for virtual honeypots, including network decoy, worm detection, spam prevention, and network simulation.

After reading this book, you will be able to

  • Compare high-interaction honeypots that provide real systems and services and the low-interaction honeypots that emulate them
  • Install and configure Honeyd to simulate multiple operating systems, services, and network environments
  • Use virtual honeypots to capture worms, bots, and other malware
  • Create high-performance "hybrid" honeypots that draw on technologies from both low- and high-interaction honeypots
  • Implement client honeypots that actively seek out dangerous Internet locations
  • Understand how attackers identify and circumvent honeypots
  • Analyze the botnets your honeypot identifies, and the malware it captures
  • Preview the future evolution of both virtual and physical honeypots
 

Other editions - View all

Common terms and phrases

About the author (2007)

Niels Provos received a Ph.D. from the University of Michigan in 2003, where he studied experimental and theoretical aspects of computer and network security. He is one of the OpenSSH creators and known for his security work on OpenBSD. He developed Honeyd, a popular open source honeypot platform; SpyBye, a client honeypot that helps web masters to detect malware on their web pages; and many other tools such as Systrace and Stegdetect. He is a member of the Honeynet Project and an active contributor to open source projects. Provos is currently employed as senior staff engineer at Google, Inc.

Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems at the University of Mannheim, Germany. He is one of the founders of the German Honeynet Project and a member of the Steering Committee of the Honeynet Research Alliance. His research interests include the practical aspects of secure systems, but he is also interested in more theoretical considerations of dependable systems. Currently, his work concentrates on bots/botnets, client honeypots, and malware in general. He regularly blogs at http://honeyblog.org.

Bibliographic information