Thursday, April 11, 2002
Security and Information Warfare. I just finished reading a book titled Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community. In it, the authors extensively document their honeypot project, which was designed to deflect attackers away from real systems and data assets by using decoys. The project evolved into something much more, which is chronicled in the book.
The first part of the book deals with technical issues and how and why the project was initiated. As the chronicle of the project proceeds the authors begin adding a new dimension to information security: psychological profiling. This is where the book becomes fascinating, and where reading the book becomes tedious.
The fascination stems from the methods used to identify, classify and profile their attackers. The tedium in reading the book is that you have to carefully read through logs of chats (Chapter 11, In their Own Words). This is not the stuff of casual reading - but is worth the time, effort and pain it takes to wade through this chapter.
Part of the tedium, aside from having to read raw (but annotated) logs is that profiling attackers requires an understanding of cultural issues, psychological motivations and risks associated with each attacker profile.
The accompanying CD ROM contains tools and supporting material for each of the chapters. The tools are the ones the project uses in building, maintaining, and using a Honeynet environment, and includes source code, precompiled binaries, and documentation. The supporting material consists of source code, network captures, and other information related to specific chapters.
The sophisticated profiling methods described his book are more suited for large corporations, organizations that support unpopular social causes (commercial and non-commercial) and targets of information warfare attacks. I personally believe that the book adds a new dimension to IT security, making it an important contribution to the security body of knowledge.
I'm giving the book to Kate to read and review because her background will allow her to gain insights that I missed. I'm looking forward to her review here as soon as she has time to finish the book and write her thoughts.
On a more mundane note I just received an e-mail notification reporting Microsoft Warns of 10 IIS Flaws. Are such reports news anymore? Yawn.