"Virtual Honeypots" is a must-read book that should be added to any security professional's bookshelf today. It's my "analyst's choice" for the month of August and well worth going out to your local bookstore to pick up a copy.
Niels Provos and Thorsten Holz provide one of the best reference guides to honeypots currently available. The authors--Provos is a staff engineer at Google, and Holz a Ph.D. student at the University of Mannheim--go through the development of the honeypot through the lens of network and system monitoring. By setting up an observation system to see how it is probed, attacked or compromised, IT security pros can get a better idea of how to defend the systems under their care.
While the book is easily accessible to any IT person, those with at least some experience with Linux--and with the willingness to use a Linux-based platform--will get the most out of the 480-page, $49.99 book.
The authors detail the theory and practice, along with a few warnings about the possible legal implications, of setting up a honeypot. There are clear instructions on the tools needed to create a virtual honeypot, all of which are available for download. Even IT practitioners with shallow pockets will be able to use the book to get in the door of understanding and using a honeypot.
The book is consistently clear. While I was challenged at various points in using the book, it was never because I couldn't understand what the authors were explaining. There are quite a few books I've seen in the last year or so that appeared to have been spit out without much concern for actually explaining the subject matter. Have no fear that in plunking down your dollars (and I saw this book for as little as $21 plus shipping) you'll be paid back in greater understanding of honeypot implementation and operation. You'll also get insight into how to analyze attacks on network and system resources. And, best of all, this knowledge will help you defend against these attacks.
"Virtual Honeypots" also provides a good primer on botnets. The topic of botnets lately tends to generate quite a bit of heat. The authors provide a neat history of bots, how they are used today and what to look for when using a honeypot to detect this type of threat. "Virtual Honeypots" provides a careful explaination of these types of attacks and does a service in helping IT security managers to explain the threat to business managers.
Virtual Honeypots: From Botnet Tracking to Intrusion Detection by Niels Provos; Thorsten Holz Publisher: Addison Wesley Professional Pub Date: July 16, 2007 Print ISBN-10: 0-321-33632-1 Print ISBN-13: 978-0-321-33632-3 Pages: 480