Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive. Now, there's a breakthrough solution. Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system-making them easier and cheaper to build, deploy, and maintain.
In this hands-on, highly accessible book, two leading honeypot pioneers systematically introduce virtual honeypot technology. One step at a time, you'll learn exactly how to implement, configure, use, and maintain virtual honeypots in your own environment, even if you've never deployed a honeypot before. You'll learn through examples, including Honeyd, the acclaimed virtual honeypot created by coauthor Niels Provos. The authors also present multiple real-world applications for virtual honeypots, including network decoy, worm detection, spam prevention, and network simulation. After reading this book, you will be able to * Compare high-interaction honeypots that provide real systems and services and the low-interaction honeypots that emulate them * Install and configure Honeyd to simulate multiple operating systems, services, and network environments * Use virtual honeypots to capture worms, bots, and other malware * Create high-performance "hybrid" honeypots that draw on technologies from both low- and high-interaction honeypots * Implement client honeypots that actively seek out dangerous Internet locations * Understand how attackers identify and circumvent honeypots * Analyze the botnets your honeypot identifies, and the malware it captures * Preview the future evolution of both virtual and physical honeypots