Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community
by the Honeynet Project
In these troubled days following September 11th, there's a lot more discussion than ever before about the nature and motivations of "friends" and "enemies" — but this book is not about the kind of terrorists who blow up buildings and airplanes. Instead, it's about another kind of terrorism, one that has not yet been experienced on a grand scale (though it caused an estimated $10.7 billion in worldwide costs during the first 8 months of 2001): cyber-terrorism.
Anyone in the IT community, as well as any knowledgeable "user" of computers, is familiar with at least the vocabulary, if not the technical details, of firewalls and passwords, as well as viruses and worms. But most of us (myself included!) have no idea how pervasive and persistent the "hacking" activities are; as computer security guru Bruce Schneier points out in the foreword of Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community, the numbers are staggering:
"A random computer on the Internet is scanned dozens of times a day. The life expectancy, or the time before someone successfully hacks it, of a default installation of Red Hat 6.2 server is less than 72 hours. A common home user setup, with Windows 98 and file sharing enabled, was hacked five times in four days. Systems are subjected to NetBIOS scans an average of 17 times a day. And the fastest time for a server being hacked: 15 minutes after plugging it into the network."
Well, this gives us an idea of what the hacking is all about, but it doesn't say anything about who the hackers are (disgruntled "script-kiddies," veteran criminals, or members of a foreign intelligence service?). And perhaps more important, it doesn't say anything about why they're doing it — after all, what possible interest could anyone have in the miscellaneous files residing on the hard disk of Joe Sixpack's home computer? As the authors of this fascinating book explain,
"Instead of trying to guess who the enemy is and to develop theories on how blackhats think and operate, we have them teach us their tools, tactics, and motives. Our primary method for learning is the Honeynet, a collection of production systems designed to be compromised. When the bad guys probe, attack, and compromise our systems, we watch and learn from their every step."
As you can imagine, the people likely to learn the most from Know Your Enemy are security experts, systems administrators, and IT professionals. But it's good reading for "amateurs," too — indeed, I think it should be required reading for anyone who has a home computer attached to the Internet via an "always-on" cable-modem or DSL connection. Among other things, these innocent users may find that their computers have essentially been hijacked by hackers, and converted into "zombie" machines, without any obvious external signs, and then used in massive, coordinated, denial-of-service attacks against whatever targets the hackers happen to choose.
Of course, security is an ever-changing issue; one must assume that some of the details in this book were obsolete by the moment it was published. But the authors have created a website for the book, which "will contain any additional information relative to this book, such as corrections and updates, and unabridged text of the chat sessions in Chapter 11." Indeed, the entire Honeynet Project has a website, which you can find at http://project.honeynet.org.
All in all, this is a fascinating and valuable book. Not only does it provide some practical guidance for increasing the security of one's at-home computer, or at-the-office network, but it accomplishes what its title promises: helping us to better understand the "enemy" who seeks to disrupt our computing activities — and, ultimately, the entire infrastructure of the Internet.