This book is for administrators and users with an intermediate understanding of the Windows operating system and computer security. Readers should have experience with the Windows operating system, the Internet, and Windows-based networking; be able to install and troubleshoot network-related software; and have a general understanding of the OSI model. It helps if you’re familiar with basic computer security concepts, such as computer worms, buffer overflows, and password cracking. An understanding of Windows security mechanisms will make the book more enjoyable.
A strong understanding of TCP/IP network protocol basics is essential for most honeypot administrators. Although this book will cover the fundamentals needed to understand the material presented, readers should understand the following terms prior to beginning this journey: TCP, UDP, ICMP, stateful, stateless, flags, TCP/IP handshake, packet header, and packet payload.
But even if you’re not familiar with the details of all these topics, you should still be able to understand every concept discussed in this book. So, don’t panic if you can’t name all the TCP header flags off the top of your head, or if you don’t know the exact meaning of stateful inspection. This book will be of value to people newly interested in computer security and honeypots, as well as to experienced security experts.
Readers without a firm foundation in these fundamentals should consider a quick refresher with a TCP/IP protocol reference. There are several good books on the TCP/IP protocol, and here are some online references:
Webopedia’s TCP/IP page: http://www.webopedia.com/TERM/T/TCP_IP.html
An excellent TCP/IP Reference by Cisco: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ip.pdf
About.com’s Computer Networking Guide to TCP/IP: http://compnetworking.about.com/cs/basictcpip
Wikipedia Internet Protocol Suite reference: http://www.wikipedia.org/wiki/Internet_protocol_suite
Internet Engineering Task Force (IETF) references: http://www.ietf.org
On the IETF web site, at a minimum, read the following Requests for Comments (RFCs): RFC 791 (IP), RFC 792 (ICMP), RFC 768 (UDP), and RFC 793 (TCP). RFCs are very wordy and long, and a bit like reading IRS tax code, but taking the time to read them will allow you to understand the TCP/IP protocol suite in detail.