Forensic Incident Response Review on "Virtual Honeypots"
Tuesday, August 7. 2007
There is another review of our book at the Forensic Incident Response blog:
I got this book approximately 3 days ago and absolutely tore through it. This book was fantastic in every sense of the word.
Niels Provos (of honeyd fame) and Thorsten Holz (from the German honeynet project) teamed up to provide a true wealth of knowledge and information in Virtual Honeypots (note: I bought it from Amazon).
As the title suggests, this book is all about creating and utilizing a virtualized environment to host honeypots. From the first chapter on, there is no mincing of words and the technical aspects are covered from set up to configuration to usage. Virtual Honeypots is a logical progression from the initial honeypots and KYE books and focuses more on the honeypot than the honeynet. There's such a wide variety of topics discussed that this book is probably best served as a reference after reading it once or twice. I was in awe when I read chapter 7 and specifically the section on the potemkin honeyfarm which apparently has been used to emulate over 64,000 honeypots!
This book presents itself really well and the authors did a fantastic job covering all of the critical and really interesting projects that are out there in the honey(net|pot) world. If you operate a honeynet or honeypots, this book is not an option; it simply provides too much information to ignore. Even if you don't operate a honey(net|pot), this book is well worth the money and it's going right on the shelf next to other quick grab reference books.


