[ISN] [Review] Real World Linux Security: Intrusion Prevention, Detection, and Recovery

From: InfoSec News (isnat_private)
Date: Tue Sep 04 2001 - 02:15:53 PDT

    http://unixreview.com/articles/2001/0108/0108l/0108l.htm
    
    Real World Linux Security: Intrusion Prevention, Detection, and
    Recovery 
    by Bob Toxen 
    Prentice Hall, 2001 
    ISBN: 0130281875 
    $44.99 
    
    Review by Ben Rothke 
    
    [Read an excerpt from this book. 
    http://unixreview.com/articles/books/book25/rwls_ch10.pdf ]
    
    A poll taken in July 2001 for Network World 
    ( www.nwfusion.com/you2001/concerns/concerns.html ) asked 100 network
    executives what their biggest technology concerns were in 2001.  It
    turns out that their biggest concern was "making sure the network is
    hackerproof."  I'll ignore for now the fact that there is no such word
    as hackerproof; I'll take license and substitute the term bulletproof,
    which dictionary.com informally defines as impervious to assault,
    damage, or failure; guaranteed.
    
    With that, can network security and commercial off-the-shelf operating
    systems ever be impervious to assault, damage, or failure?  Not even
    the largest seller of security snake oil would say yes to such a
    statement.  Information security adversaries are already at the gate,
    posing legitimate threats; it is not a question of if networks will be
    attacked, but when.  It is within this framework that Bob Toxen
    presents Real World Linux Security, a superb overview of how to
    comprehensively secure a Linux system.
    
    Toxen is one of the original developers of Berkeley Unix, and his book
    is full of interesting historical tidbits from the computer science
    halls of UC Berkeley in the early 1970s.  When it comes to Unix
    security, Toxen's mantra is certainly "been there, done that."  Toxen
    is one of a very few writers who can write in the first person about
    developing operating systems while dropping names such as Bill Joy and
    Ken Thompson.
    
    Although it comprises nearly 700 pages, Real World Linux Security is
    light on filler and bursting with important information on how to
    secure a Linux host.  In reference to space filler, other books often
    have about a third of their content made up of screen prints and
    source code listing.  Toxen's book fortunately does not use that route
    and instead directs readers to either a Web site or the companion
    CD-ROM for source code. The book is useful for all flavors of Linux,
    yet nearly all of the topics can be applied to other operating systems
    as well, because the threats are basically the same -- only the command
    line usage changes.
    
    At page 25 -- where many other security books would still be
    addressing abstract ideas about computer security -- Real World Linux
    Security deals with Linux's "Seven Most Deadly Sins."  Some of them
    are: weak passwords, old software versions, open network ports, and
    poor physical security. Just a few of the other critical security
    topics covered in the book are:  common break-ins by subsystem,
    establishing security policies, hardening your system, and scanning
    your system for anomalies.
    
    While much of the book is akin to "Linux Security 101," advanced
    topics and defenses are also covered.  The wide-ranging topics of the
    book include not only Linux host security, but also what to do when an
    intrusion has occurred.  Part 4 of the book is "Recovering From an
    Intrusion."  The knee-jerk response of many systems administrators is
    to power down a system in the event of an intrusion.  However, in
    reality, that is often the worst thing to do.  Powering down a system
    makes digital forensics much more difficult.  A methodical and planned
    approach to intrusions is required, and the book details the
    appropriate steps to use.
    
    The book comes with a CD that has a lot of useful programs and
    custom-written scripts.  The CD-ROM includes most of the popular
    security tools including nmap, crack, tcpdump, snort, and more.  
    Although most of the software is freeware and available on the
    Internet, having all of the tools on a single CD-ROM is a timesaver.
    
    The only complaint I have about the book is the use of skulls for the
    danger level.  One skull indicates a minor effect or risk, while five
    skulls means the risk is too dangerous.  It is often hard to discern
    whether the skulls refer to the topic just mentioned, or the
    subsequent one.
    
    While many of the threats and vulnerabilities in the book indeed have
    five skulls, Real World Linux Security deserves five stars.  It is an
    excellent reference about Linux security -- a topic that, while
    timely, does not always get the respect it deserves.
    
    
    Ben Rothke is a New York-city based Senior Security Analyst with
    Camelot Information Technologies.  He can be reached at:
    brothkeat_private
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 05:07:16 PDT