Honeypots for Windows (Books for Professionals by Professionals)

Chapter 1: An Introduction to Honeypots
- Table 1-1: Summary of Honeypot Types
Chapter 2: A Honeypot Deployment Plan
- Table 2-1: Honeypot Placement Location Comparison
Chapter 3: Windows Honeypot Modeling
- Table 3-1: Common Microsoft Windows Ports and Services
- Table 3-2: Generic Windows Server Ports
- Table 3-3: Common IIS Server Ports
- Table 3-4: Common Windows 2000 Domain Controller Ports
- Table 3-5: Common Windows Workstation Ports
- Table 3-6: Common SQL Server Ports
- Table 3-7: Common Ports on a Simple Exchange Server
- Table 3-8: Common Ports on a Complex Exchange Server
- Table 3-9: Common NetBIOS Suffixes
- Table 3-10: NetBIOS Ports
- Table 3-11: IIS Versions and Related Operating Systems
- Table 3-12: Default IIS Folders and Subfolders
- Table 3-13: Common Windows Listening UDP Ports by Platform
- Table 3-14: Common Windows Listening TCP Ports by Platform
- Table 3-15: Common Windows Applications and Their Port Numbers
Chapter 4: Windows Honeypot Deployment
- Table 4-1: Windows OS Minimum and Recommended Hardware Requirements
- Table 4-2: Recommended Hardware Requirements for a Honeypot
- Table 4-3: Recommended Registry Entries to Harden the TCP/IP Stack
- Table 4-4: Recommended Windows Services Startup Type Settings
Chapter 5: Honeyd Installation
- Table 5-1: TCP/IP Packet Types
- Table 5-2: TCP Flags
- Table 5-3: Honeyd Simple Port Behaviors
- Table 5-4: Recommended Honeyd Directories
Chapter 6: Honeyd Configuration
- Table 6-1: Honeyd Runtime Options
Chapter 7: Honeyd Service Scripts
- Table 7-1: Default Scripts in the Windows Version of Honeyd
- Table 7-2: Service Scripts Available at Honeyd.org
Chapter 8: Other Windows-Based Honeypots
- Table 8-1: SPECTER Traps and Services
- Table 8-2: KFSensor Sim Banner Server Banner Parameters
- Table 8-3: KFSensor Event Column Fields
Chapter 9: Network Traffic Analysis
- Table 9-1: Default Snort Variables
- Table 9-2: Some Snort Preprocessors
- Table 9-3: Snort Rule Syntax Fields
Chapter 10: Honeypot Monitoring
- Table 10-1: Microsoft Tools for Gathering Baseline Information
- Table 10-2: Sysinternal PsTools Utilities
- Table 10-3: EVENTTRIGGERS /Create Options
Chapter 11: Honeypot Data Analysis
- Table 11-1: Logon Event Properties
- Table 11-2: Event Description Information
- Table 11-3: Interesting Event IDs
Chapter 12: Malware Code Analysis
- Table 12-1: 8086 Register Types and Common Functions
- Table 12-2: Common 80x86 Instructions
- Table 12-3: PE File Segments