Musings

Book Reviews

Here we are gathering book reviews on information and network security, management, and leadership.

Book Review: The New School of Information Security, by Adam Shostack and Andrew Stewart - October 31st, 2008
Book Review: Crimeware, by Jakobsson and Ramzan - July 12th, 2008
Book Review: Dreams from My Father, by Barack Obama - February 4th, 2008
Book Review: LAN Switch Security:What Hackers Know About Your Switches, by Eric Vyncke and Christopher Paggen - January 11th, 2008
Book Review: Made to Stick: Why Some Ideas Survive and Others Die, by Chip Heath and Dan Heath - January 2nd, 2008
Book Review: Geekonomics, by David Rice - December 27th, 2007
Book Review: End-to-End Network Security, by Omar Santos - December 6th, 2007
Book alert, Behind the Screen: Hacking Hollywood, by Mark Stone - November 27th, 2007
Book Review: Linksys WRT54G Ultimate Hacking, by Paul Asadoorian and Larry Pesce; Raul Siles Technical Editor - October 31st, 2007
Book Review: The Black Swan: The Impact of the HIGHLY IMPROBABLE, by Nassim Nicholas Taleb - October 27th, 2007
The Best Security Books to have in your library - October 25th, 2007
Book Review: The Age of Speed, by Vince Poscente - October 2nd, 2007
Book Review: Virtual Honeypots by Niels Provos and Thorsten Holz - August 21st, 2007
Book Review: Seduced by Success by Robert J. Herbold - June 26th, 2007
Book Review: Selling Blue Elephants, by Moskowitz and Gofman - June 25th, 2007
Book Review of Snow Crash leads to Second Life - April 18th, 2007
Book Review: Miracle in the Andes, by Nando Parrado and Vince Rause - February 20th, 2007
Book Review - Information Security Law: Control of Digital Assets - February 19th, 2007
Book Review - Cisco Network Admission Control - January 1st, 2007
Book Review: The Art of Software Security Assessment - December 19th, 2006

Book Review: Virtual Honeypots by Niels Provos and Thorsten Holz

August 21st, 2007
By Stephen Northcutt


Simply put, this is the best security book I have read this year. A perfect blend of well researched information about honeypots as well as plenty of pragmatic how to do it. Well known respected authors that clearly know their stuff. A nice blend of network and system information to give the read the full picture. The reader will learn a lot of analysis and be exposed to a number of attack signatures. And, the information is applicable. That was the huge eye opener for me! I thought honeypots were boutique at best, but the book shows clearly how to use them to augment your intrusion detection capability, to detect malware and to identify botnets. At the exact second the Storm botnet is raging, anti-malware products from Symantec, NAI, Trend Micro are just not getting the job done. A large organization with a low interaction honeypot like honeyd, collapsar or potemkin would be able to track what is happening in their network. In the same way, if you are running nepenthes or roleplayer you can identify (detect) the malware and understand how it is working.

Obviously the book cannot cover each tool in depth, Virtual Honeypots goes into detail for honeyd and nepenthes and serves as a manual to help you get started. This is thrilling reading to the very end, the final three chapters are case studies (war stories), tracking botnets and working with the CWSandbox. I absolutely recommend this book and expect that I will keep it near my workstation for the next few months. I read it the first time on airplanes; I live in Hawaii so each trip to the east coast is ten hours airplane time and it took about 20 hours for me to work through the book. I plan to read it at least one more time, but with a computer nearby to try to apply some of this. Hats off to the authors, Provos and Holz, for sharing their knowledge with the community.