Describe the legal issues of using honeypots and the future of honeypots (provide an example also). Requirement: 3-page minimum. Attached material must be used as sources and references; in addition, use other credible sources as well. Citations in APA format.
honey_pot_book.pdf

cyberlaw_101_primer_laws_related_honeypot_deployments_1746.pdf

Honeypots: Tracking Hackers
By Lance Spitzner
Publisher: Addison Wesley
Pub Date: September 13, 2002
ISBN: 0-321-10895-7
Pages: 480
Copyright
Foreword: Giving the Hackers a Kick Where It Hurts
Preface
Audience
CD-ROM
Web Site
References
Network Diagrams
About the Author
Acknowledgments
Chapter 1. The Sting: My Fascination with Honeypots
The Lure of Honeypots
How I Got Started with Honeypots
Perceptions and Misconceptions of Honeypots
Summary
References
Chapter 2. The Threat: Tools, Tactics, and Motives of Attackers
Script Kiddies and Advanced Blackhats
Everyone Is a Target
Methods of Attackers
Motives of Attackers
Adapting and Changing Threats
Summary
References
Chapter 3. History and Definition of Honeypots
The History of Honeypots
Definitions of Honeypots
Summary
References
Chapter 4. The Value of Honeypots
Advantages of Honeypots
Disadvantages of Honeypots
The Role of Honeypots in Overall Security
Honeypot Policies
Summary
References
Chapter 5. Classifying Honeypots by Level of Interaction
Tradeoffs Between Levels of Interaction
Low-Interaction Honeypots
Medium-Interaction Honeypots
High-Interaction Honeypots
An Overview of Six Honeypots
Summary
References
Chapter 6. BackOfficer Friendly
Overview of BOF
The Value of BOF
How BOF Works
Installing, Configuring, and Deploying BOF
Information Gathering and Alerting Capabilities
Risk Associated with BOF
Summary
Tutorial
References
Chapter 7. Specter
Overview of Specter
The Value of Specter
How Specter Works
Installing and Configuring Specter
Deploying and Maintaining Specter
Information-Gathering and Alerting Capabilities
Risk Associated with Specter
Summary
References
Chapter 8. Honeyd
Overview of Honeyd
Value of Honeyd
How Honeyd Works
Installing and Configuring Honeyd
Deploying and Maintaining Honeyd
Information Gathering
Risk Associated with Honeyd
Summary
References
Chapter 9. Homemade Honeypots
An Overview of Homemade Honeypots
Port-Monitoring Honeypots
Jailed Environments
Summary
References
Chapter 10. ManTrap
Overview of ManTrap
The Value of ManTrap
How ManTrap Works
Installing and Configuring ManTrap
Deploying and Maintaining ManTrap
Information Gathering
Risk Associated with ManTrap
Summary
References
Chapter 11. Honeynets
Overview of Honeynets
The Value of Honeynets
How Honeynets Work
Honeynet Architectures
Sweetening the Honeynet
Deploying and Maintaining Honeynets
Information Gathering: An Example Attack
Risk Associated with Honeynets
Summary
References
Chapter 12. Implementing Your Honeypot
Specifying Honeypot Goals
Selecting a Honeypot
Determining the Number of Honeypots
Selecting Locations for Deployment
Implementing Data Capture
Logging and Managing Data
Using NAT
Mitigating Risk
Mitigating Fingerprinting
Summary
References
Chapter 13. Maintaining Your Honeypot
Alert Detection
Response
Data Analysis
Updates
Summary
References
Chapter 14. Putting It All Together
Honeyp.com
Honeyp.edu
Summary
References
Chapter 15. Legal Issues
Are Honeypots Illegal?
Precedents
Privacy
Entrapment
Liability
Summary
References
Resources
Chapter 16. Future of Honeypots
From Misunderstanding to Acceptance
Improving Ease of Use
Closer Integration with Technologies
Targeting Honeypots for Specific Purposes
Expanding Research Applications
A Final Caveat
Summary
References
Appendix A. Back Officer Friendly ASCII File of Scans
Appendix B. Snort Configuration File
Appendix C. IP Protocols
Appendix D. Definitions, Requirements, and Standards Document
PURPOSE
DEFINITIONS
REQUIREMENTS
STANDARDS
Appendix E. Honeynet Logs
Book: Honeypots: Tracking Hackers
Copyright
Many of the designations used by manufacturers and sellers to distinguish their products
are claimed as trademarks. Where those designations appear in this book, and Addison-Wesley, Inc. was aware of a trademark claim, the designations have been printed with
initial capital letters or in all capitals.
The author and publisher have taken care in the preparation of this book, but make no
expressed or implied warranty of any kind and assume no responsibility for errors or
omissions. No liability is assumed for incidental or consequential damages in connection
with or arising out of the use of the information or programs contained herein.
The publisher offers discounts on this book when ordered in quantity for special sales. For
more information, please contact:
U.S. Corporate and Government Sales
(800) 382-3419
corpsales@pearsontechgroup.com
For sales outside of the U.S., please contact:
International Sales
(317) 581-3793
international@pearsontechgroup.com
Visit A-W on the Web: www.awprofessional.com
Library of Congress Cataloging-in-Publication Data
Spitzner, Lance.
Honeypots : tracking hackers / Lance Spitzner.
p. cm.
Includes bibliographical references and index.
1. Computer security. 2. Computer hackers. 3. Firewalls (Computer security) I. Title.
QA76.9.A25 S67 2002
005.8–dc21 2002008010
Copyright © 2003 by Pearson Education, Inc.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval
system, or transmitted, in any form, or by any means, electronic, mechanical,
photocopying, recording, or otherwise, without the prior consent of the publisher. Printed
in the United States of America. Published simultaneously in Canada.
For information on obtaining permission for use of material from this work, please submit
a written request to:
Pearson Education, Inc.
Rights and Contracts Department
75 Arlington Street, Suite 300
Boston, MA 02116
Fax: (617) 848-7047
Text printed on recycled paper
1 2 3 4 5 6 7 8 9 10-CRS-0605040302
First printing, September 2002
Dedication
Dedicated to my wife, Ania, and our son, Adam.
My future, hope, and happiness.
Foreword: Giving the Hackers a Kick Where It Hurts
I’m an unabashed Lance Spitzner fan. This is the guy whose cell phone voice message says,
“I’m busy geeking out right now, but leave a message, and I’ll get back to you as soon as I
can.” I don’t know when he actually stops geeking out long enough to sleep. I sometimes
wonder if there are actually two of him. His enthusiasm for what he’s doing bleeds over
into all aspects of his life. Ideas for cool stuff erupt from him like a volcano and swirl
around him, sucking in casual bystanders and students alike. It’s somewhat intimidating to
share a stage with him at a conference. He makes just about everyone else look
uninteresting and tepid by comparison. Lance is a man who loves what he’s doing, and
what he loves doing is tracking hackers, sharing that information, and making a difference.
A lot of people like to reserve the term “hacker” for the techno-elite computer hobbyist - those media darlings often described as “misunderstood whiz-kids” or similar nonsense.
One of the great by-products of Lance’s work with honeypots and honeynets is that he’s
helped give us a much clearer picture of the hacker in action: often technically
unsophisticated kids playing around with technologies they barely understand. In Know
Your Enemy the Honeynet Project demonstrated just how active and unskilled most hackers
are. What’s that - you don’t believe it? Set up your own honeypot or honeynet and see for
yourself. This book gives you the necessary tools and concepts to do it!
I think it’s a great thing for the security community that Lance has written this book. In the
past, the hackers roamed our networks with supreme confidence in their anonymity. They
take advantage of systems they’ve compromised to chat with their buddies safely or to
launch attacks against other systems and sites without fear of detection. Now, however,
they may pause to wonder if their bases of operation are safe - whether they’re actually
planning their attacks and deploying their tricks under a microscope.
Honeypots are going to become a critical weapon in the good guys’ arsenals. They don’t
catch only the lame hackers. Sometimes they catch the new tools and are able to reduce
their effectiveness in the wild by letting security practitioners quickly react before they
become widespread. They don’t catch just the script kiddies outside your firewall but the
hackers who work for your own company. They don’t catch just unimportant stuff;
sometimes they catch industrial spies. They can be time- and effort-consuming to set up
and operate, but they’re fun, instructive, and a terrific way for a good guy to gain an
education on computer forensics in a real-world, low-risk environment.
Right now there are about a half-dozen commercial honeypot products on the market.
Lance covers several of them in this book, as well as “homemade” honeypots and
honeynets, focusing on how they operate, their value, how to implement them, and their
respective advantages. I predict that within one year, there will be dozens of commercial
honeypots. Within two years, there will be a hundred. This is all good news for the good
guys because it’ll make it easier for us to deploy honeypots and harder for the bad guys to
recognize and avoid them all. When you’re trying to defend against an unknown new form
of attack, the best defense is an unknown new form of defense. Honeypots will keep the
hackers on their toes and, I predict, will do a lot to shatter their sense of invulnerability.
This book is a great place to start learning about the currently available solutions.
In this book Lance also tackles the confusion surrounding the legality of honeypots. Lots of
practitioners I’ve talked to are scared to dabble in honeypots because they’re afraid it may
be considered entrapment or somehow illegal. It’s probably a good idea to read the chapter
on legal issues twice. It may surprise you. Welcome to the cutting edge of technology,
where innovation happens and the law is slow to catch up to new concepts. Meanwhile,
you can bet that with renewed concerns about state-sponsored industrial espionage and
terrorism the “big boys” will be setting up honeypots of their own. I’d hate to be a script
kiddy who chose to launch his next attack from a CIA honeypot system! When the big
boys come into the honeypot arena, you can bet that they’ll make sure it’s legal.
The sheer variety and options for mischief with honeypots are staggering. (There is even a
honeypot for spam e-mails.) You can use the concepts in this book to deploy just about any
kind of honeypot you can imagine. Would you like to build a honeypot for collecting
software pirates? I don’t think that’s been done yet. How about a honeypot that measures
which hacking tools are most popular by tracking hits against an index page? I don’t think
that’s been done yet, either. The possibilities are endless, and I found it difficult to read this
book without thinking, “What if . . . ?” over and over again.
I hope you enjoy this book and I hope it inspires you to exercise your own creativity and
learn what the bad guys are up to and then share it with the security community. Then
follow Lance’s lead, and make a difference.
-Marcus J. Ranum
Woodbine, MD
April 2002
Preface
It began as an innocent probe. A strange IP address was examining an unused service on
my system. In this case, a computer based in Korea was attempting to connect to an rpc
service on my computer. There is no reason why anyone would want to access this service,
especially someone in Korea. Something was definitely up. Immediately following the
probe, my Intrusion Detection System screamed an alert: An exploit had just been
launched. My system was under assault! Seconds after the attack, an intruder broke into my
computer, executed several commands, and took total control of the system. My computer
had just been hacked! I was elated! I could not have been happier.
Welcome to the exciting world of honeypots, where we turn the tables on the bad guys.
Most of the security books you read today cover a variety of concepts and technologies, but
almost all of them are about keeping blackhats out. This book is different: It is about
keeping the bad guys in - about building computers you want to be hacked. Traditionally,
security has been purely defensive. There has been little an organization could do to take
the initiative and challenge the bad guys. Honeypots change the rules. They are a
technology that allows organizations to take the offensive.
Honeypots come in a variety of shapes and sizes - everything from a simple Windows
system emulating a few services to an entire network of production systems waiting to be
hacked. Honeypots also have a variety of values - everything from a burglar alarm that
detects an intruder to a research tool that can be used to study the motives of the blackhat
community. Honeypots are unique in that they are not a single tool that solves a specific
problem. Instead, they are a highly flexible technology that can fulfill a variety of different
roles. It is up to you how you want to use and deploy these technologies.
In this book, we explain what a honeypot is, how it works, and the different values this
unique technology can have. We then go into detail on six different honeypot technologies.
We explain one step at a time how these honeypot solutions work, discuss their advantages
and disadvantages, and show you what a real attack looks like to each honeypot. Finally,
we cover deployment and maintenance issues of honeypots. The goal of this book is not to
just give you an understanding of honeypot concepts and architecture but to provide you
with the skills and experience to deploy the best honeypot solutions for your environment.
The examples in the book are based on real-world experiences, and almost all of the attacks
discussed actually happened. You will see the blackhat community at their best, and some
of them at their worst. Best of all, you will arm yourself with the skills and knowledge to
track these attackers and learn about them on your own.
I have been using honeypots for many years, and I find them absolutely fascinating. They
are an exciting technology that not only teaches you a great deal about blackhats but also
teaches you about yourself and security in general. I hope you enjoy this book as much as I
have enjoyed writing and learning about honeypot technologies.
Section: Preface
Audience
This book is intended for the security professional. Anyone involved in protecting or
securing computer resources will find this resource valuable. It is the first publication
dedicated to honeypot technologies, a tool that more and more computer security
professionals will want to take advantage of once they understand its power and flexibility.
Due to honeypots’ unique capabilities, other individuals and organizations will be
extremely interested in this book. Military organizations can apply these technologies to
Cyberwarfare. Universities and security research organizations will find tremendous value
in the material concerning research honeypots. Intelligence organizations can apply this
book to intelligence and counterintelligence activities. Members of law enforcement can
use this material for the capturing of criminal activities. Legal professionals will find
Chapter 15 to be one of the first definitive resources concerning the legal issues of
honeypots.
CD-ROM
A CD-ROM accompanies this book and contains additional information related to the
topics in the book. It includes everything from whitepapers and source code to actual
evaluation copies of software and data captures of real attacks. This will give you the
hands-on opportunity to develop your skills with honeypot technologies.
Web Site
This book has a Web site dedicated to it. The purpose of the Web site is to keep this
material updated. If any discrepancies or mistakes are found in the book, the Web site will
have updates and corrections. For example, if any of the URLs in the book have been
changed or removed, the Web site will provide the updated links. Also, new technologies
are always being developed and deployed. You should periodically visit the Web site to
stay current with the latest in honeypot technologies.
http://www.tracking-hackers.com/book/
References
Each chapter ends with a references section. The purpose is to provide you with resources
to gain additional information about topics discussed in the book. Examples of references
include Web sites that focus on securing operating systems and books that specialize in
forensic analysis.
Network Diagrams
This book contains network diagrams demonstrating the deployment of honeypots. These
diagrams show both production systems and honeypots deployed together within a
networked environment. All production systems and honeypots are standardized, so you
can easily tell them apart. All production systems are simple black-and-white computer
objects, as in Figure A. These are systems you do not want to be hacked.
Figure A. Two production systems deployed on a network
In contrast, all honeypots can easily be identified by shading and the lines going through
the system, as in Figure B.
Figure B. Two honeypots deployed on a network
About the Author
Lance Spitzner is a geek who constantly plays with computers, especially network security.
He loves security because it is a constantly changing environment. His love for tactics first
began in the U.S. Army, where he served both as an enlisted infantryman in the National
Guard and as an armor officer in the Rapid Deployment Force. Following the Army he
received his graduate degree and became involved in the world of information security.
Now he fights the enemy with IPv4 packets instead of 120mm SABOT rounds.
His passion is researching honeypot technologies and using them to learn more about the
bad guys. He is also actively involved with the security community. He is founder of the
Honeynet Project, moderator of the honeypot mail list, coauthor of Know Your Enemy, and
author of several whitepapers. He has also spoken at various conferences and
organizations, including Blackhat, SANS, CanSecWest, the Pentagon, the FBI Academy,
West Point, National Security Agency, and Navy War College. He is a senior security
architect for Sun Microsystems Inc.
Acknowledgments
You could say that I did not really write this book. What I did was put together a great
many concepts and technologies that I have been fortunate enough to learn from other
people. Without their patience and help, not only this book but my career and education
would not have been possible.
My sincere thanks go to the following.
The people who took the time to teach me when I was a neophyte. Kevin Figiel, you were
priceless. You explained to me what Unix and a network are. I’ll never forget my first day
at work when you sat down and explained to me my first network diagram. The entire New
Logic team, including Carlos Talbot, Jeff Vosburg, Corey Borin, and Robert Thomas, took
the considerable time and effort to explain to me what Unix is all about and introduce me
to the world of information security.
The folks at SANS, who have been big supporters since day one. I’ll never forget how
excited I was to make my first presentation on honeypots and tracking hackers. Stephen
Northcutt gave me my first chance to become involved with SANS. Alan Paller has been a
committed supporter of honeypots and the Honeynet Project. I would like to thank John
Green, who has helped with both the Forensic Challenge and Honeynet Research Alliance.
And finally, to the true boss at SANS, Zoe, the SANS goddess: Thank you so much for
taking care of all of us.
Two gentlemen who were extremely influential in guiding me in the ways of computer
security: Dan Farmer and Brad Powell. They are serious professionals from w …