I’m thrilled to announce the release of my newest book, Intrusion Detection Honeypots: Detection through Deception.
Intrusion Detection Honeypots is available for purchase on Amazon now. It will also soon be available at many other online retailers where books are sold.
The foundational guide for using deception against computer network adversaries.
When an attacker breaks into your network, you have a home-field advantage. But how do you use it?
Intrusion Detection Honeypots is the foundational guide to building, deploying, and monitoring honeypots — security resources whose value lies in being probed and attacked. These fake systems, services, and tokens lure attackers in, enticing them to interact. Unbeknownst to the attacker, those interactions generate logs that alert you to their presence and educate you about their tradecraft.
Intrusion Detection Honeypots teaches you how to:
- Use the See-Think-Do framework to integrate honeypots into your network and lure attackers into your traps.
- Leverage honey services that mimic HTTP, SSH, and RDP.
- Hide honey tokens amongst legitimate documents, files, and folders.
- Entice attackers to use fake credentials that give them away.
- Create honey commands, honey tables, honey broadcasts, and other unique detection tools that leverage deception.
- Monitor honeypots for interaction and investigate the logs they generate.
With the techniques in this book, you can safely use honeypots inside your network to detect adversaries before they accomplish their goals.
Table of Contents
Chapter 1: A Brief History of Honeypots
The first chapter takes you through the history of honeypots, starting in the 1980s. I’ll discuss landmarks in honeypot usage, such as Cliff Stoll’s SDINet, Bill Cheswick’s “Evening with Berferd,” and the formation of the honeynet project.
Chapter 2: Defining and Classifying Honeypots
Because I’ve seen honeypots used in so many ways, this chapter seeks to describe the characteristics of honeypots and their common goals. I’ll also discuss a framework for deceptive thinking and dispel traditional honeypot myths to make a more direct case for detection honeypots in every network.
Chapter 3: Planning Honeypot-Based Detection
This chapter introduces the See-Think-Do deception framework for planning honeypot- based detection deployment. I’ll help you figure out what honeypots to build and where to deploy them.
Chapter 4: Logging and Monitoring
This chapter describes how to fit honeypots into your existing logging and monitoring infrastructure so that you’ll know when attackers interact with them. I’ll also cover some common tools and best practices for monitoring honeypots.
Chapter 5: Building Your First Honeypot from Scratch
Now that you understand the theory, it’s time to get your hands dirty. I’ll walk you through creating a simple honeypot using netcat.
Chapter 6: Honey Services
This chapter walks you through creating multiple honey services using a variety of techniques. These techniques include mimicking the RDP service with Windows, the SSH service with Cowrie, and various services with OpenCanary.
Chapter 7: Honey Tokens
Honey tokens are my favorite form of IDH, and I’ll show you why in this chapter. You’ll learn to create honeydocs from office files, other forms of honey files, and honey folders.
Chapter 8: Honey Credentials
Attackers often rely on credential theft to accomplish their goals, so this chapter shows you how to use that against them by deploying honey credentials to strategic network locations. I’ll show you how to create honey token services, place honey credentials in memory, and deploy honey broadcasts.
Chapter 9: Unconventional Honeypots
In my research for this book, I encountered several unique use cases for detection honeypots. This chapter covers many of these unconventional techniques, including some that don’t fit into a specific category, span multiple categories, or were just good ol’ fashioned fun! I’ll show you how to create DHCP honey services, honey tokens to detect website cloning, honey tables, honey mailboxes, and honey commands.
I’m proud to donate a portion of the proceeds from this book to several charitable causes. By purchasing this book you’ll help support:
- Donations to poverty-stricken classrooms to help teach students about computer science through the Rural Tech Fund (ruraltechfund.org).
- The purchase of mosquito nets to help save lives in underdeveloped countries through the Against Malaria Foundation (againstmalaria.org).
- Direct cash donations to individuals living in poverty through GiveDirectly (givedirectly.org).
- The construction of affordable homes for families in need through Habitat for Humanity (habitat.org).
- Feeding the hungry through several local food banks.
Although it’s my name alone on this book’s spine, it would not appear there if not for the support of many others. I’d like to take this opportunity to thank those who supported the production of Intrusion Detection Honeypots or who supported me while writing it.
First and foremost, a heartfelt thank you to my wife, Ellen. Your support during this process and your help managing the cognitive load of the household were priceless.
I’ve been fortunate to work with many incredibly talented people who see the world in unique, interesting ways. While there are far too many to name, I want to extend special thanks to Alek Rollyson, Stef Rand, and Jason Smith for providing their thoughts on various components of this book and serving as sounding boards.
While researching this book, I spoke to dozens of people who helped provide valuable perspectives. Thank you to Ross Bevington, Haroon Meer, Lance Spitzner, and several others who directly or indirectly helped shape the content of this book.
Although I’ve written several other books, this title is my first venture into self- publishing. I knew that assembling a top-notch team would make all the difference, and it has. Thank you to my copy editor Amanda Robinson and proofreader Johanna Leigh for helping things make more sense. Thank you to my technical editors Josh Brower, David Bianco, and Marco Slaviero for validating concepts and providing different perspectives. Thank you to Michael W. Lucas for providing guidance on the independent publishing process. Thank you to Stacy Edwards for helping with some of the graphics, Bailey McGinn for her beautiful cover design, Cheryl Lenser for her indexing work, and Susan Veach for designing the inside of the book and setting the text.
Finally, thank you to public school teachers. The ones who impacted me, and all the rest of them too. They are important and don’t get paid enough.
This book was written to the soundtrack of fellow Kentucky native, Tyler Childers.
Finally, if you purchase Intrusion Detection Honeypots, I’m always grateful for a review on the books Amazon page. A positive review is the most meaningful way to help an author whose work you enjoyed. If you’d rather share your review with me directly, don’t hesitate to e-mail me.
You can purchase Intrusion Detection Honeypots here: https://smile.amazon.com/dp/1735188301/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=&sr=.