Book details of 'Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community'

| Field | Value |
|---|---|
| Title | Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community |
| Author(s) | Honeynet Project |
| ISBN | 0201746131 |
| Language | English |
| Published | August 2001 |
| Publisher | Addison-Wesley Pub Co |
The Virtual Bookcase Reviews of 'Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community':
Reviewer Rob Slade wrote:

I have frequently said that any book with "hack," or any variant thereof, in the title is automatically suspect. This work helps prove my point, first, because the Honeynet Project members have *not* used the term (they refer to attackers as blackhats), and the text also notes the problems with "exploit" type books: they list old and known attacks, most of which are protected against, and say nothing about the attackers and how they work. Chapter one points out the value of "knowing the enemy" and the beginnings of the Honeynet Project.

Part one describes the honeynet. Chapter two explains what a honeynet is, and the difference between one and the traditional honeypots. Details on how a honeynet works, in terms of architecture, policies, and the risks and responsibilities of operating one, are presented in chapter three. Building a honeynet, in chapter four, presents specific details, although a number have already been given.

Part two concerns the analysis of data collected from the Honeynet. Chapter five, on data analysis, points out the sources of data for logging, much of which has already been discussed. There is some more information on what we can find, but limited explanation of how to interpret it. The discussion of analyzing a compromised system, in chapter six, is more detailed and does a better job of explaining the logs, but relies on a blackhat document, which, while better than most such, still has the holes and gaps that characterize the genre. Additional details are provided in advanced data analysis, plus some material on data that is (and some that is not) useful in packets, plus forensic (data recovery) considerations, in chapter seven. (Interestingly, the Honeynet Project does not seem to be concerned with wiping a drive in order to deny information to blackhats.) Chapter eight examines data recovery tools and some results.

Part three explains what the project has determined about "the enemy" by the types of attacks that have been launched and detected. Chapter nine is a general review of the random nature of attacks, the tools seen, motives theorized, and trends in attacks. The activities and signatures of the Bymer worm are described in chapter ten. An IRC conversation between a group of blackhats is provided in chapter eleven. While there is some interest in the account, the transcript occupies almost 100 pages (and almost a third of the total length of the book). Chapter twelve suggests the future activities of the Honeynet Project.

Much of the material in the book is repeated, sometimes in a number of places. The text would definitely benefit from a tightening up of the material. In addition, the early examples are not thoroughly explained, making the reader initially feel that only a firewall audit log specialist would be able to understand what is being said. However, most of the book is written clearly and well, and it is definitely worth reading.