Honeypots for Windows

Before reading Roger's book I was pretty sure I had a solid understanding of Honeypots, how they work, how they should be deployed, etc. I can honestly say that I still learned a lot from this book. Recommended for beginner to advanced user. The examples are great and very specific. Running a honeypot in a windows environment definately benefits many of my clients because they are unsure how to properly secure a *nix machine. This book showed me step-by-step how to set-up a fully functional Windows Honeypot that anyone can administer. Thanks for the great info Mr. Grimes, can't wait to read the next book.

I have been recently doing research on honeypots/nets and having read through Know Your Enemy(honeynet project) and Tracking Hackers(Lance Spitzner). Both were full of great information but this book really lays out the what it takes to have a succeful honeypot and gives step by step instructions on how to set up a few different types. Its easy to read for a beginner, and easy to follow. It's also the only good guide to honeypots on the Windows side, and as a bonus all of the tools and information are current, as it was published this year(2005).

Honeypots are an exciting technology with tremendous potential for the security community. However, one of their limitations has been they have primarily been Unix based. Roger does an outstanding job of addressing this issue, bringing them into the Windows community.

Review by Lou Vega of the Greater Charleston .NET User Group This book provides immediate and useful information whether you have previous experience with Honeypots or hadn't even heard of one until you picked up the book. I would recommend this book to anyone who has ever been interested in network and systems security as it pertains to a Microsoft Windows environment, especially in light of the fact that most previous books and articles with information about Honeypots were geared toward *nix systems. Those who have no previous experience with Honeypots and would like a background lesson can jump right into Chapters 1 and 2 which should give them a fair basic understanding of what's involved. Those persons who want to get right to work...start browsing between chapters 3 and 8 for hands on information including screenshots and installation/configuration information. Later chapters cover more advanced information concerning the monitoring and analysis of the traffic captured using your Honeypot. The author doesn't leave you stranded with just setting up a Honeypot either. The chapters on Network Analysis, Honeypot Monitoring and alerting, and Honeypot data analysis give you a chance to begin to make real use of the Honeypot and the data gathered while using it. The walkthroughs for setting these analysis and monitoring tools seem easy enough and the author makes good use of available open source tools out there for those who don't have the budget for some of the commercial applications available. An added bonus for any networking security person is the wealth of information concerning how to harden a Windows Server, common ports used in malware and numerous configuration demonstrations make this a handy book to keep as a general security reference. This book will make a fine addition to any IT professional's reference collection.

Grimes has a valid gripe. Honeypots have risen to prominence as an aggressive anti-cracker method. So that, for example, the well known Honeynet Project has been running for several years, with good results. But the bulk of these honeypot efforts has been in unix machines. If you run a network of Microsoft boxes, there is a dearth of comprehensive documentation, until this book came along. It is written for the Microsoft sysadmin who wants to establish a honeypot that is state of the art. This could be one or more machines on her network. Grimes gives detailed instructions. Most importantly, for the honeyd program. Two chapters are devoted to its installation and running. But even aside from whether you end up running a honeypot, the book has value. It explains network traffic analysis and various tools that aid in this, such as Snort or Ethereal. With or without a honeypot, you'll need more than a passing acquaintance with traffic analysis, and the book can aid in this.