I'm interested in learning more about Honeypots and Honeynets. I've used low interaction Honeypots like Honeyd in the past, but now I want to take it to the next level.
Can anyone recommend any good books or papers about Honeypots/Honeynets?
I'm interested in learning more about Honeypots and Honeynets. I've used low interaction Honeypots like Honeyd in the past, but now I want to take it to the next level.
Can anyone recommend any good books or papers about Honeypots/Honeynets?
There are a few books on the subject (although I've never bothered with them), however I can recommend you some readily updated websites:
The always interesting honeyblog
The European Network of Affined Honeypots has many recent papers and presentations
The Honeynet Project has some good papers
Distributed honeypot management software and a video discussion of the current state of the threat
A directory of honeypot server related sites
Shadowserver has some good general stats
Finally there are some old (circa 2000) papers cited in this article
I just finished reading the book Beautiful Security, and it has a nice chapter on 'honey clients'. Instead of focusing on server side exploits, they look at how malware installs itself onto a client. The book has some good suggestions on using VMWare, and detecting system changes.
Beautiful Security http://ecx.images-amazon.com/images/I/51wsK04PePL._SL160_.jpg