Honeypots for Windows

1. Front Matter

   Pages i-xxv

   PDF

2. Honeypots in General

   1. Front Matter

      Pages 1-1

      PDF

   2. An Introduction to Honeypots

      Pages 3-34

   3. A Honeypot Deployment Plan

      Pages 35-59

3. Windows Honeypots

   1. Front Matter

      Pages 61-61

      PDF

   2. Windows Honeypot Modeling

      Pages 63-88

   3. Windows Honeypot Deployment

      Pages 89-120

   4. Honeyd Installation

      Pages 121-149

   5. Honeyd Configuration

      Pages 151-166

   6. Honeyd Service Scripts

      Pages 167-188

   7. Other Windows-Based Honeypots

      Pages 189-220

4. Honeypot Operations

   1. Front Matter

      Pages 221-221

      PDF

   2. Network Traffic Analysis

      Pages 223-268

   3. Honeypot Monitoring

      Pages 269-300

   4. Honeypot Data Analysis

      Pages 301-336

   5. Malware Code Analysis

      Pages 337-361

5. Back Matter

   Pages 363-392

   PDF

Installing a honeypot inside your network as an early warning system can significantly improve your security. Currently, almost every book and resource about honeypots comes from a Unix background, which leaves Windows administrators still grasping for help. But Honeypots for Windows is a forensic journeyhelping you set up the physical layer, design your honeypot, and perform malware code analysis.

You'll discover which Windows ports need to be open on your honeypot to fool those malicious hackers, and you'll learn about numerous open source tools imported from the Unix world. Install a honeypot on your DMZ or at home and watch the exploits roll in! Your honeypot will capture waves of automated exploits, and youll learn how to defend the computer assets under your control.

• Deployment
• Open Source
• Windows
• design
• modeling
• security

Roger A. Grimes (CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CEH, TICSA, Security+, MCT) is a Windows security consultant, instructor, and author. This is Grimes' third book and he has written over a 150 articles for magazines like Windows IT Pro, Microsoft Certified Professional, InfoWorld, Network Magazine, Windows & .NET, and Security Administrator. He is a contributing editor for Windows & .NET, and InfoWorld magazines. Grimes has presented at Windows Connections, MCP TechMentors, and SANS. He was recognized as "Most Valuable Professional" (MVP) by Microsoft, for Windows Server 2003 security. Grimes also writes frequently for Microsoft, including material for two courses on advanced Windows security and Technet. He has taught security to many of the world's largest and most respected organizations, including Microsoft, VeriSign, the U.S. Navy, various universities, and public school systems. Grimes spends his time surrounded by the maddening hum of twelve 1U servers in his home office, monitoring his personal honeypots.

Policies and ethics