Chapter 10: Honeypot Monitoring

skip navigation

honeypots for windows
Chapter 10 - Honeypot Monitoring
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

Overview

You are finished with all the hard work of setting up your honeypot system, and rogue traffic is beginning to pour in. Now you need to keep track of all of this activity.

Tracking malicious activity on any type of security system involves four basic processes: taking baselines, monitoring, logging, and alerting. Baselines document activity in its uncompromised state. You must institute monitoring processes that will capture all malicious activity. The captured information should be logged to a database or file for later analysis. High-priority events, such as a honeypot’s initial compromise or a new Internet worm, should initiate one or more alert messages to the administrator.

This chapter describes the different methods and representative applications that you can use to track and monitor your honeypot’s activity. It covers baseline data collection, monitoring mechanisms, and the different forms of logging and alerting on real and emulated honeypot systems.

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

Similar book on Amazon
Honeypots: Tracking Hackers
Honeypots: Tracking Hackers
Know Your Enemy: Learning about Security Threats (2nd Edition)
Know Your Enemy: Learning about Security Threats (2nd Edition)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net