When an attacker breaks into your network, you have a home-field advantage. But how do you use it?
Intrusion Detection Honeypots is the foundational guide to building, deploying, and monitoring honeypots -- security resources whose value lies in being probed and attacked. These fake systems, services, and tokens lure attackers in, enticing them to interact. Unbeknownst to the attacker, those interactions generate logs that alert you to their presence and educate you about their tradecraft.
Intrusion Detection Honeypots teaches you how to:
- Use the See-Think-Do framework to integrate honeypots into your network and lure attackers into your traps.
- Leverage honey services that mimic HTTP, SSH, and RDP.
- Hide honey tokens amongst legitimate documents, files, and folders.
- Entice attackers to use fake credentials that give them away.
- Create honey commands, honey tables, honey broadcasts, and other unique detection tools that leverage deception
- Monitor honeypots for interaction and investigate the logs they generate
With the techniques in this book, you can safely use honeypots inside your network to detect adversaries before they accomplish their goals.