Domain: net-security.org
Stories and comments across the archive that link to net-security.org.
Stories · 444
-
PGP Is 15 Years Old
An anonymous reader writes "PGP Corporation salutes the 15th anniversary of PGP encryption technology. Developed and released in 1991 by Phil Zimmermann, Pretty Good Privacy 1.0 set the standard for safe, accessible technology to protect and share online information." -
Aggressive Botnet Activities Behind Spam Increase
An anonymous reader writes, "A spam-sending Trojan dubbed 'SpamThru' is responsible for a vast amount of the recent botnet activity which has significantly increased spam levels to almost three out of every four emails. The developers of SpamThru employed numerous tactics to thwart detection and enhance outreach, such as releasing new strains of the Trojan at regular intervals in order to confuse traditional anti-virus signatures detection." According to MessageLabs (PDF), another contributor to the recent spam increase is a trojan dropper called "Warezov." -
Top 10 Web 2.0 Attack Vectors
Fred writes, "HNS is running a story about Web 2.0 and the new attack vectors it opens up. Worms of the Yamanner, Samy, and Spaceflash types are exploiting client-side AJAX frameworks, providing new avenues of attack and compromising confidential information. On the server side, XML-based Web services are providing distributed application access through Web services interfaces and opening up new vulnerabilities in the process." The article is spread over 6 short pages and there is no printer-friendly URL. -
Nine Ways to Stop Industrial Espionage
An anonymous reader writes "IT staff are in the unique position that if they are nosy, immoral, greedy or corrupt they can get at what they want within their company at the touch of a button. The corporate crown jewels are usually left open and exposed to the IT guys. So how do you protect your corporate crown jewels from staff that can so easily be bribed to steal them and hand them over to a competitor?" I can't imagine having to be paranoid about employees. That seems to me to be a bigger problem than hardware. -
Sophos Reveals Latest Spam-Relaying Countries
An anonymous reader writes "For the first time in more than two years, the United States has failed to make inroads into its spam-relaying problem. The U.S. remains stuck at the top of the chart and is the source of 23.2 percent of the world's spam. Its closest rivals are China and South Korea, although both of these nations have managed to reduce their statistics since Q1 2006. The vast majority of this spam is relayed by 'zombies,' also known as botnet computers." -
SQL Injection Attacks Increasing
An anonymous reader writes "Help Net Security has a story that covers the dramatic increase in the number of hacker attacks attempted against its banking, credit union and utility clients in the past three months using SQL Injection." Article follows up on press release with a little more information. Not a lot here shockingly surprising, but it's worth mentioning that SQL injection is a real pain for web developers. You have to be very careful about checking user input. -
IRS Leaves Taxpayer Data Largely Unprotected
LogError writes "Two weeks ago, Department of Treasury received a D-minus grade in the Federal Computer Security Report Card for 2005, down from a D-plus grade in 2004. The majority of Treasury systems are those belonging to IRS. The government-wide computer-security grade for 2005 was D-plus, while Homeland Security and Defense both received an F. Grades are based on reports submitted to Congress by the agencies; the reports are required under the Federal Information Security Management Act of 2002. The scores are meant to reflect whether departments meet federally mandated security standards." -
Combating Identity Theft
An anonymous reader writes "Net-Security is running an interesting article about some of the problems facing organizations when it comes to identity theft. From the article: 'Identity theft is the major security concern facing organizations today. Indeed, for the banking industry, it is the number one security priority for 2006. Identity security has developed beyond the simplest form of authentication where one party issues and verifies identities within a closed group of users. While easy to do, this approach is extremely hard and costly to scale upwards and offers no interoperability with other authentication networks.'" -
The Unspoken Taboo - The Never Expiring Password
anon writes "Every security-savvy professional lives with the daily fear of the 'never expiring password' being exposed. It's the unspoken taboo, the wide open back door in every corporate network. But no-one ever acknowledges it or discusses it. All applications have got pre-defined passwords that never change. Which means developers, privileged users and hosting third party service providers will all have access to these passwords." -
Linux Community Halloween Challenge
LuMinoR writes "In a cool contest with a Halloween theme, BitDefender is inviting Linux enthusiasts to crash test their upcoming antivirus solution for Linux e-mail servers. The most thorough beta tester will receive 1,000 German beers and a trip to BitDefender's corporate headquarters in Romania, where they will attend meetings with Count Dracula, the BitDefender development team and other local luminaries." -
The Story of Snort
gRitteR writes "HNS is running a story of Martin Roesch, the creator of Snort, where he tells the entire story of Snort in his words. Roesch covers seven years of development that made this tool one of the most important security software titles ever developed. It's interesting to get all the details on how Snort was initially conceived as well as how it is expected to develop further now after Check Point acquired Sourcefire. There are many technical details and interesting tidbits not available before." -
Web Application Firewall Evaluation Criteria
-
Common Malware Enumeration Initiative
LogError writes "The Common Malware Enumeration Initiative was just announced. Headed by the United States Computer Emergency Readiness Team (US-CERT) and supported by an editorial board of anti-virus vendors and related organizations, it should provide a neutral, shared identification method for malware outbreaks." -
E-Mail Security
LogError writes "In this audio learning session, Joseph Zacharias, Managing Director at Kerio Technologies UK, discusses the major aspects of e-mail security, including viral threats and different anti-spam techniques. He especially focuses on the new Microsoft Caller ID technology." -
Collaboration in a Secure Development Process
LogError writes "This paper discusses the collaboration between security and development in the enterprise software development lifecycle." -
Securing Mac OS X
LogError writes "This paper addresses operating system hardening in terms of patching, administration roles, and setting passwords. It also provides information on Mac OS X network security: namely, basic firewall configuration and hardening of network services such as FTP, SSH, and Apache." -
The Year 2003 in Wireless Network Security
OenMarK writes "I ran into an article that is basically an overview of events, software releases, and happenings related to wireless security. There's also a Q&A with some wireless security experts, one of which is from IBM. What's your take on wireless security? Are we there yet?" This is the same site that also hosts the look back at Linux security we posted earlier. They complement each other well. -
Reflecting on Linux Security in 2003
LogError writes "Here's a look at some interesting happenings with Linux security in 2003 with comments by Bob Toxen (one of the 162 recognized developers of Berkeley UNIX and author of "Real World Linux Security") and Marcel Gagne (President of Salmar Consulting, Inc. and author of "Linux System Administration - A User's Guide" and "Moving to Linux")." -
Looking Back At Windows Security In 2003
thebatlab writes "Help Net Security has an interesting look at security in Windows during 2003, with various blurbs from related parties at Microsoft as well as security 'bigwigs' such as Russ Cooper. It's interesting to read the comments from external parties, as they tend to be very reasoned comments and don't simply attack away over recent 'indiscretions' and 'security lapses' Microsoft has had over the year." -
The Anatomy of Cross Site Scripting
LogError writes "Many documents discuss the actual insertion of HTML into a vulnerable script, but stop short of explaining the full ramifications of what can be done with a successful XSS attack. While this is adequate for prevention, the exact impact of cross site scripting attacks has not been fully appreciated. This paper will explore those possibilities." -
Sebek2 - A Kernel-based Data Capture Tool
LogError writes "Sebek is a piece of code that lives entirely in kernel space and records either some or all data accessed by users on the system. This paper is a detailed discussion of Sebek, how it works and its value." -
Stats from a Network Surveillance System
LogError writes "Sombria ("shadowy" in Portuguese) is a honeypot system set up in Tokyo, Japan, that is intended for network surveillance and research and not for production purposes. This paper provides some statistics and an overview of the most prominent attacks from May through July 2003." -
Notifications of Security Breaches
LogError writes "On July 1, 2003, Senate bill 1386 becomes Civil Code 1798.82. In a nutshell, the law states that any person or company doing business in the state of California is responsible for notifying California residents of security breaches to their non-encrypted information. It is important to note that the actual breach does not need to occur in the state of California for the law to apply." -
Linux Security: Reflections on 2002, Eye on 2003
Mirko Zorz writes "Here are the reflections on Linux security in 2002 and predictions for 2003 by Bob Toxen, one of the 162 recognized developers of Berkeley UNIX and author of the acclaimed book "Real World Linux Security" already in its 2nd edition. Read more at Help Net Security." -
Real World Linux Security, 2nd Edition
Berislav Kucan writes with the following review of Real World Linux Security, 2nd edition. If you've already had a break-in, or just want to avoid it in the future, this book has some tips for you.
- Title: Real World Linux Security, 2nd edition
- Author: Bob Toxen
- Pages: 848
- Publisher: Prentice Hall PTR
- Rating: 10
- Reviewer: Berislav Kucan
- ISBN: 0130464562
- Summary: In the mentioned 800 pages, this book proves to be pure gold when we are talking about all aspects of Linux security. Well written, filled with lots of interesting tips and facts about securing the Linux environment, the book can be used both for pumping your knowledge and as a reference in your future security related work.
Who's behind this book?
The author of this book, Bob Toxen, is one of the 162 recognized developers of Berkeley UNIX. He has more than 28 years of UNIX and 8 years of Linux experience. Trivia from his resume includes that he was one of the four developers who did the initial port of UNIX to Silicon Graphics hardware, that he was an architect of the client/server system used by NASA's Kennedy Space Center and that he wrote the "The Problem Solver" column for the popular UNIX Review magazine. Currently he is president of Fly-By-Day Consulting, Inc., offering Linux security-consulting services.
The cover
The Real World Linux Security cover features Cerberus, the three-headed dog that safeguarded the entrance to Hades. Hades is an underground place from Greek mythology where deceased people ended up. Cerberus was there to stop the demons from Hades from escaping into our world, and vice-versa - stopping the living from entering Hades. Mr. Toxen drew a metaphor connecting the three-headed demon dog to a system administrator. How come? "This is not unlike the security aspects of system administrator's job and it certainly seems to require three heads to keep ahead of the problem," he notes.
Inside the book
From the introduction credits, you can see that this book will be an interesting read. The author has a lot of expertise in Linux/UNIX areas, which lends credibility to the book's title "Real World Linux Security." Another big plus is that the book has about 800 pages of valuable information, divided into these four interest areas:
- Securing your system
- Preparing for an intrusion
- Detecting an intrusion
- Recovering from an intrusion
- Weak and default passwords
- Open Network ports
- Old software versions
- Insecure and badly configured programs
- Insufficient resources and misplaced priorities
- Stale and unnecessary accounts
- Procrastination
If you are interested in various aspects and details on securing your system, you'll enjoy the first 400 pages of the book as it deals with:
- quick fixes for common problems (shutting down unnecessary services, using quality passwords, limiting access)
- common subsystem hacking (playing with sendmail, POP and IMAP servers, Samba, etc.)
- usual hacker attacks (rootkits, packet spoofing, man in the middle and other common attacks)
- advanced security issues (Apache and web server security techniques, buffer overflows)
After securing your system, what should you do as the next step? Well -- secure it even more, of course. The second part of the book continues with hardening the system, which is a must for preparing for the possibility of an intrusion. Possible intrusion must always be on your mind, as no one is safe when connected to the Internet. Vulnerability scanners deployed by crackers don't see the difference between your home computer system, a test e-commerce server or a big consultancy company server -- if you have a vulnerable service running on it, you'll probably get burned. This part introduces you to the world of protecting user sessions with SSH, Virtual Private Networks, PGP/GPG cryptography usage, firewalls and DMZs, and preparing your hardware for security readiness. I should especially note the great coverage of iptables, with some helpful rule sets both mentioned in the book and placed on the CD.
This publication also bears in mind the situation of your system being compromised. It is noted that probably 10-20 percent of people reading this book will suffer a system break-in. By proactively monitoring your system and keeping up-to-date with security web sites, you can reduce the risk of someone hacking your system to the minimum. As a quality security book should, Real World Linux Security also deals with the system administrator's darkest moment -- successful compromise. The author explains the steps of regaining control of your system, finding and repairing the damage, tracking the attacker, and sending him/her/them to prison.
As a notable addition, the author doesn't stay blindly connected with just Linux security. As a true expert in his field, he walks into some areas that aren't closely connected with Linux, but with security in general. One of the examples is a 20 page chapter dealing with security policies. In this mini suggestion to the decision makers, he guides us through the possible policies - from accounts and e-mail to network topology, problem reporting and even policy policies.
Another good part that came from Mr. Toxen's experience is a part called "Case studies." Several stories contained in this area describe some of the actual cases that can be compared with hacking history jewels like "Masters of Deception: The Gang That Ruled Cyberspace" by Slatalla/Quittner and "Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage." Stories here range from old-school cat-and-mouse games with Berkeley sysadmins back in the late seventies and virtual-machine trojans to the latest issues, such as easy DNS information changes and Microsoft's Visual Studio .Net being shipped with the Nimda worm.
The CD-ROM
The accompanying CD-ROM contains the author's own software for instantly locking out attackers and alerting system administrators. There are also exclusive iptables and ipchains firewall rules, as well as a collection of tools for monitoring network health, detecting and reporting suspicious activities, securing backups, simplifying recovery, etc.
The CD has two main folders: "book" and "net." The "book" folder contains up to 100 files, mostly written by the author especially for the needs of this book. These files include the Cracker Trap software, sample iptables and ipchains scripts and various useful programs for doing different security related activities. The other folder contains about 40 MB of security software that the author used as references in this book. The tools in this section include: crack, firestarter, sniffit, john the ripper, LIDS, netfilter, ntop, samhain, snort and more. As you can see, Mr. Toxen has really worked hard to make this CD a worthy addition to the book.
The verdict
After reading some of the comments on the first edition of this book and briefly taking a look at the chapters of this second edition, I knew it would be a great read. After reading it, I must say that "Real World Linux Security" is even better -- I can even say terrific. In the mentioned 800 pages, this book proves to be pure gold when we are talking about all aspects of Linux security. Well written, filled with lots of interesting tips and facts about securing the Linux environment, the book can be used both for pumping your knowledge and as a reference in your future security related work.
The release of a second edition of this book has proven to be a good choice, and I am really looking forward to a possible third edition in the future.
An interview with the author is available here.
-
Real World Linux Security, 2nd Edition
Berislav Kucan writes with the following review of Real World Linux Security, 2nd edition. If you've already had a break-in, or just want to avoid it in the future, this book has some tips for you. Real World Linux Security, 2nd edition author Bob Toxen pages 848 publisher Prentice Hall PTR rating 10 reviewer Berislav Kucan ISBN 0130464562 summary In the mentioned 800 pages, this book proves to be pure gold, when we are talking about all aspects of Linux security. Well written, filled with lot of interesting tips and facts about securing the Linux environment, the book can be used both for pumping your knowledge and as a reference in your future security related work.
Who's behind this book?The author of this book, Bob Toxen, is one of the 162 recognized developers of Berkeley UNIX. He has more then 28 years of UNIX and 8 years of Linux experience. Trivia from his resume includes that he was one of the four developers who did the initial port of UNIX to Silicon Graphics hardware, that he was an architect of the client/server system used by NASA's Kennedy Space Center and that he wrote the "The Problem Solver" column for popular UNIX Review magazine. Currently he is a president of Fly-By-Day Consulting, Inc. offering Linux security-consulting services.
The coverThe Real World Linux Security cover features Cerberus, the three headed dog that safeguarded the entrance to Hades. Hades is an underground place from Greek mythology where deceased people ended up. Cerberus was there to stop the demons from Hades to escape into our world, and vice-versa - stopping the living people entering the Hades. Mr. Toxen did a metaphor connecting the three headed demon dog to a system administrator. How come? "This is not unlike the security aspects of system administrator's job and it certainly seems to require three heads to keep ahead of the problem," he notes.
Inside the bookFrom the introduction credits, you can see that this book will be an interesting read. The author has a lot of expertise in Linux/UNIX areas, which gives the credibility to the book's title "Real World Linux Security." Another big plus is that the book has about 800 pages of valuable information, divided into these four interest areas:
- Securing your system
- Preparing for an intrusion
- Detecting an intrusion
- Recovering from an intrusion
- Weak and default passwords
- Open Network ports
- Old software versions
- Insecure and badly configured programs
- Insufficient resources and misplaced priorities
- Stale and unnecessary accounts
- Procrastination
If you are interested in various aspects and details on securing your system, you'll enjoy the first 400 pages of the book as it deals with:
- quick fixes for common problems (shutting down unnecessary services, using quality passwords, limiting access)
- common subsystem hacking (playing with sendmail, POP and IMAP servers, samba etc)
- usual hacker attacks (rootkits, packet spoofing, man in the middle and other common attacks)
- advanced security issues (apache and web server security techniques, buffer overflows)
After securing your system, what should you do as the next step? Well -- secure it even more, of course. The second part of the book continues with hardening the system, which is a must for preparing on a possibility of an intrusion. Possible intrusion must always be on your mind, as no one is safe when connected to the Internet. Vulnerability scanners deployed by crackers don't see the difference between your home computer system, a test e-commerce server or a big consultancy company server -- if you have a vulnerable service running on it, you'll probably get burned. This part introduces you to the world of protecting user sessions with SSH, Virtual Private Networks, PGP/GPG cryptography usage, firewalls and DMZs and preparing your hardware to meet the security readiness. I should especially note a great coverage on iptables with some helpful rule sets both mentioned in the book and placed on the CD.
This publication also bears in mind the situation of your system being compromised. It is noted that probably 10-20 percent of people reading this book will suffer a system break-in. By proactively monitoring your system and keeping up-to-date with security web sites, you can reduce the risk of someone hacking your system to the minimum. As a quality security book should have in mind, Real World Linux Security also deals with the darkest system administrator's moment -- successful compromise. The author explains the steps of regaining the control of your system, finding and repairing the damage, tracking the attacker, and sending him/her/them to prison.
As a notable addition, the author doesn't stay blindly connected with just Linux security. As a true expert in his field, he walks into some areas that aren't closely connected with Linux, but with security in general. One of the examples is a 20 page chapter dealing with security policies. In this mini suggestion to the decision makers, he guides us through the possible policies - from accounts and e-mail to network topology, problem reporting and even policy policies.
Another good part that came from Mr. Toxen's experience is a part called "Case studies." Several stories contained in this area describe some of the actual cases that can be compared with hacking history jewels like "Masters of Deception: The Gang That Ruled Cyberspace" by Slatalla/Quittner and "Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage." Stories here describe old-school playing cat-and-mouse with Berkeley sysadmins back in late seventies and making virtual-machine trojans to the latest issues with easy DNS information changes and Microsoft's Visual Studio .Net getting shipped with Nimda worm.
The CD-ROMThe accompanying CD-ROM contains the author's own software for instantly locking out attackers and alerting system administrators. There are also exclusive iptables and ipchains firewall rules, as well as a collection of tools for monitoring network health, detecting and reporting suspicious activities, securing backups, simplifying recovery etc.
The CD has two main folders: "book" and "net." The "book" folder contains up to 100 files, mostly written by the author especially for the needs of this book. These files include Cracker Trap software, sample iptables and ipchains scripts and various useful programs for doing different security related activities. The other folder contains about 40 MB of security software that the author used as references in this book. The tools from this section contain: crack, firestarter, sniffit, john the ripper, LIDS, netfilter, ntop, samhain, snort and more. As you can see, Mr. Toxen has really worked hard to make this CD a worthy addition to the book.
The verdictAfter reading some of the comments on the first edition of this book and briefly taking a look at the chapters of this second edition, I knew it would be a great read. After reading it, I must say that "Real World Linux Security" is even better -- I can even say terrific. In the mentioned 800 pages, this book proves to be pure gold, when we are talking about all aspects of Linux security. Well written, filled with lot of interesting tips and facts about securing the Linux environment, the book can be used both for pumping your knowledge and as a reference in your future security related work.
The release of a second edition of this book was proven to be a good choice, and I am really looking forward to the possible third edition in the future.
An interview with the author is available here.
You can purchase Real World Linux Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Real World Linux Security, 2nd Edition
Berislav Kucan writes with the following review of Real World Linux Security, 2nd edition. If you've already had a break-in, or just want to avoid it in the future, this book has some tips for you. Real World Linux Security, 2nd edition author Bob Toxen pages 848 publisher Prentice Hall PTR rating 10 reviewer Berislav Kucan ISBN 0130464562 summary In the mentioned 800 pages, this book proves to be pure gold, when we are talking about all aspects of Linux security. Well written, filled with lot of interesting tips and facts about securing the Linux environment, the book can be used both for pumping your knowledge and as a reference in your future security related work.
Who's behind this book?The author of this book, Bob Toxen, is one of the 162 recognized developers of Berkeley UNIX. He has more then 28 years of UNIX and 8 years of Linux experience. Trivia from his resume includes that he was one of the four developers who did the initial port of UNIX to Silicon Graphics hardware, that he was an architect of the client/server system used by NASA's Kennedy Space Center and that he wrote the "The Problem Solver" column for popular UNIX Review magazine. Currently he is a president of Fly-By-Day Consulting, Inc. offering Linux security-consulting services.
The coverThe Real World Linux Security cover features Cerberus, the three headed dog that safeguarded the entrance to Hades. Hades is an underground place from Greek mythology where deceased people ended up. Cerberus was there to stop the demons from Hades to escape into our world, and vice-versa - stopping the living people entering the Hades. Mr. Toxen did a metaphor connecting the three headed demon dog to a system administrator. How come? "This is not unlike the security aspects of system administrator's job and it certainly seems to require three heads to keep ahead of the problem," he notes.
Inside the bookFrom the introduction credits, you can see that this book will be an interesting read. The author has a lot of expertise in Linux/UNIX areas, which gives the credibility to the book's title "Real World Linux Security." Another big plus is that the book has about 800 pages of valuable information, divided into these four interest areas:
- Securing your system
- Preparing for an intrusion
- Detecting an intrusion
- Recovering from an intrusion
- Weak and default passwords
- Open Network ports
- Old software versions
- Insecure and badly configured programs
- Insufficient resources and misplaced priorities
- Stale and unnecessary accounts
- Procrastination
If you are interested in various aspects and details on securing your system, you'll enjoy the first 400 pages of the book as it deals with:
- quick fixes for common problems (shutting down unnecessary services, using quality passwords, limiting access)
- common subsystem hacking (playing with sendmail, POP and IMAP servers, Samba, etc.)
- usual hacker attacks (rootkits, packet spoofing, man in the middle and other common attacks)
- advanced security issues (Apache and web server security techniques, buffer overflows)
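Several of the weaknesses listed above (weak and default passwords, stale and unnecessary accounts) can be caught with a routine audit of the account database, which is the sort of quick fix the first part of the book is about. As an added example, written for this page and not taken from the book or its CD, here is a small Python audit over /etc/shadow-style records and a last-login table. The sample records, user names, day numbers and thresholds are all constructed for illustration, and the hash values are placeholders rather than real crypt(3) output; the field layout follows shadow(5), where the third field is the day number (days since 1970-01-01) of the last password change.

```python
# Added example (editor's code, not from the book or its CD): audit /etc/shadow-style
# records for the account weaknesses listed above. All sample data is constructed.

# "Today" as days since 1970-01-01, fixed so the example is deterministic.
TODAY = 19360

# Constructed /etc/shadow lines. Field order, as in shadow(5):
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg is the day number (days since the epoch) of the last password change.
SAMPLE_SHADOW = """\
root:$6$saltsalt$placeholderSHA512cryptHash:19300:0:99999:7:::
games::18000:0:99999:7:::
oldcontractor:$6$saltsalt$anotherPlaceholderHash:17000:0:99999:7:::
alice:$6$saltsalt$yetAnotherPlaceholderHash:19330:0:99999:7:::
bob:!:19330:0:99999:7:::
svc_backup:$1$legacy$placeholderMD5cryptHash:16000:0:99999:7:::
daemon:*:0:0:99999:7:::
"""

# Constructed last-login table (what lastlog(8) would report), as day numbers.
# Accounts missing from the table have never logged in.
SAMPLE_LAST_LOGIN = {
    "root": 19359,
    "alice": 19358,
    "oldcontractor": 18900,
    "svc_backup": 19350,
}

# crypt(3) hash prefixes considered too weak for a modern system.
WEAK_HASH_PREFIXES = ("$1$",)  # MD5-crypt


def parse_shadow(text):
    """Return {name: {"hash": str, "lastchg": int|None}} from shadow-format text."""
    users = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 3:
            raise ValueError(f"malformed shadow line: {line!r}")
        users[fields[0]] = {
            "hash": fields[1],
            "lastchg": int(fields[2]) if fields[2] else None,
        }
    return users


def audit_accounts(shadow_text, last_login, today=TODAY,
                   max_pw_age=180, dormant_after=120):
    """Map each account with a problem to the list of problems found.

    The thresholds (in days) are illustrative defaults, not values from the book.
    """
    findings = {}
    for name, rec in parse_shadow(shadow_text).items():
        issues = []
        h = rec["hash"]
        if h == "":
            # Empty field: login without a password succeeds wherever PAM allows nullok.
            issues.append("empty password")
        elif h.startswith(("!", "*")):
            # Locked or no-login account: password authentication is impossible, skip it.
            continue
        else:
            if h.startswith(WEAK_HASH_PREFIXES) or not h.startswith("$"):
                # MD5-crypt, or legacy DES crypt (13 characters, no '$' prefix).
                issues.append("weak hash")
            if rec["lastchg"] is not None and today - rec["lastchg"] > max_pw_age:
                issues.append("stale password")
        seen = last_login.get(name)
        if seen is None:
            issues.append("never logged in")
        elif today - seen > dormant_after:
            issues.append("dormant account")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for user, problems in sorted(audit_accounts(SAMPLE_SHADOW, SAMPLE_LAST_LOGIN).items()):
        print(f"{user:15s} {', '.join(problems)}")
```

On a real host you would feed it the contents of /etc/shadow (readable only by root) and a table built from lastlog output; locked accounts are deliberately skipped because the point is to find accounts that can still authenticate, and the empty-password check comes before the hash checks because an empty field is the most urgent finding regardless of anything else.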
After securing your system, what should you do as the next step? Well -- secure it even more, of course. The second part of the book continues with hardening the system, which is a must when preparing for a possible intrusion. A possible intrusion must always be on your mind, as no one is safe when connected to the Internet. Vulnerability scanners deployed by crackers don't see the difference between your home computer, a test e-commerce server or a big consultancy company's server -- if you have a vulnerable service running on it, you'll probably get burned. This part introduces you to the world of protecting user sessions with SSH, Virtual Private Networks, PGP/GPG cryptography, firewalls and DMZs, and preparing your hardware for security readiness. I should especially note the great coverage of iptables, with some helpful rule sets both mentioned in the book and placed on the CD.
This publication also bears in mind the possibility of your system being compromised. It is noted that probably 10-20 percent of the people reading this book will suffer a system break-in. By proactively monitoring your system and keeping up to date with security web sites, you can reduce the risk of someone hacking your system to a minimum. As a quality security book should, Real World Linux Security also deals with the system administrator's darkest moment -- a successful compromise. The author explains the steps of regaining control of your system, finding and repairing the damage, tracking the attacker, and sending him/her/them to prison.
As a notable addition, the author doesn't stay blindly tied to just Linux security. As a true expert in his field, he walks into some areas that aren't closely connected with Linux but with security in general. One example is a 20-page chapter dealing with security policies. In this mini-guide for decision makers, he walks us through the possible policies - from accounts and e-mail to network topology, problem reporting and even policy policies.
Another good part that came from Mr. Toxen's experience is a section called "Case studies." The several stories in this section describe actual cases that can be compared with hacking-history jewels like "Masters of Deception: The Gang That Ruled Cyberspace" by Slatalla/Quittner and "Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage." The stories range from old-school cat-and-mouse games with Berkeley sysadmins back in the late seventies and virtual-machine trojans to the latest issues with easy DNS information changes and Microsoft's Visual Studio .Net being shipped with the Nimda worm.
The CD-ROM
The accompanying CD-ROM contains the author's own software for instantly locking out attackers and alerting system administrators. There are also exclusive iptables and ipchains firewall rules, as well as a collection of tools for monitoring network health, detecting and reporting suspicious activities, securing backups, simplifying recovery, etc.
The CD has two main folders: "book" and "net." The "book" folder contains up to 100 files, mostly written by the author especially for the needs of this book. These include the Cracker Trap software, sample iptables and ipchains scripts and various useful programs for different security-related activities. The other folder contains about 40 MB of security software that the author used as references in this book. The tools in this section include crack, firestarter, sniffit, john the ripper, LIDS, netfilter, ntop, samhain, snort and more. As you can see, Mr. Toxen has really worked hard to make this CD a worthy addition to the book.
The verdict
After reading some of the comments on the first edition of this book and briefly taking a look at the chapters of this second edition, I knew it would be a great read. After reading it, I must say that "Real World Linux Security" is even better -- I can even say terrific. In the mentioned 800 pages, this book proves to be pure gold when we are talking about all aspects of Linux security. Well written and filled with lots of interesting tips and facts about securing the Linux environment, the book can be used both for pumping up your knowledge and as a reference in your future security-related work.
The release of a second edition of this book has proven to be a good choice, and I am really looking forward to a possible third edition in the future.
An interview with the author is available here.
You can purchase Real World Linux Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Internet Site Security
Mirko Zorz writes "Internet Site Security - what a name for a book. When I first heard about it I was thinking: '1400 pages, 6 CDs,' but when the book came and I began to read through it, I realized how much good information the authors were able to fit into just over 400 pages. We all want 'big books' but with this one, the authors take a somewhat different approach, one that is less connected to software versions and that will endure in time. But, before we get into the core of the book, let's take a look at the people behind it." Mirko's review continues below.
- Title: Internet Site Security
- Authors: Erik Schetina, Ken Green and Jacob Carlson
- Pages: 432
- Publisher: Addison Wesley
- Rating: 8
- Reviewer: Mirko Zorz
- ISBN: 0672323060
- Summary: This book manages to shed new light on the problems of security implementation; a good gift idea for both your IT manager and your system administrator.
About the authors
Erik Schetina, CISSP, is the CTO for TrustWave Corporation. He spent 14 years with the U.S. Department of Defense developing information security systems and public key cryptosystems. Jacob Carlson is a senior security engineer for TrustWave Corporation. His primary role is leading the penetration testing and vulnerability assessment team. In his copious free time he likes breaking things and writing code. Ken Green is a senior security engineer for TrustWave Corporation where he works extensively on intrusion detection systems, firewalls, and virtual private network initiatives.
When you read biographies like the ones above you can be somewhat reassured that the content of the book is good. All of the authors come from TrustWave Corporation, and the fact that they work together has influenced the writing of this book in a very good way.
The basics
At the very beginning of the book the authors show us that the starting point of building a secure environment is not the implementation of a solution but rather the definition of the assets we want to protect. You have to know what threatens your assets in order to choose the best security solution.
The authors manage to successfully illustrate how different things such as system administration, policy and audits fit into an overall security plan. Throughout the book, the authors educate the reader by making sure he sees "the big picture." The bottom line is that "the transition from a techie to a security professional consists in recognizing the importance of all the components of security." In the second chapter some great material is covered: a description of the security process, assessment and policy, asset protection, monitoring and detection.
Which one is better?
When describing the way things can be done, the authors always give you the pros and the cons. For example, at one point they describe the difference between using commercial scanners in penetration testing and using a team of people who will do it by hand. They provide good pros and cons for both ways, and that's one of the great things about this book: you always get to look at the other side of the coin.
The insecurities
What we all know is that the Internet is inherently insecure -- that's why this book was published in the first place. The authors explain why it's insecure, who administers it and how it works. Some of the topics presented here are: an overview of TCP/IP, the Domain Name Service (DNS), Whois databases, anonymity, and much more.
History is also present in this book. Chapter 4 begins with a brief overview of the history of the Internet and the TCP/IP protocol suite. Also mentioned is the Morris Worm (November 1988). As we move on, DNS is explained in greater detail (with some security issues addressed specifically), and we are slowly presented with an abundance of technical details that stretches over several chapters. Some of the things explained in the book include: secure protocols, virtual private network protocols and encapsulation, the secure shell (SSH) and authentication systems.
As an inevitable part of a book of this kind, there's a part dedicated to passwords (and good rules for their generation), and another on digital certificates. The authors present the shortcomings of certificates as well as their best uses. Although neither of these is explained in great detail, you'll be able to get an overview of the things presented.
Moving on, we get a plethora of information covering: firewalls, DMZs, VPNs, external and internal threats, the security of wireless networks, workstation management issues, intrusion detection systems and log processing, etc.
Operating systems
The book also gives some good information when it comes to operating systems and server software. Some of the covered topics include:
- Windows NT and 2000 - authentication, access tokens, security identifiers, object access control lists, tightening Windows user rights, etc.
- Linux - overview of the Linux Kernel, file system permissions, authentication mechanisms, how PAM works, etc.
- Server security: web, mail, FTP, etc.
If you want information about attacks, denial of service attacks are covered in great detail, along with many other attack scenarios. Since you also want to protect yourself from all of these attacks, there's naturally much material dedicated to firewalls: their functions, implementation issues and vulnerabilities. Now that's not enough, is it? Now you want more. There's a whole chapter dedicated to intrusion detection systems and one dedicated to incident response and forensics. The chapter on incident response and forensics will be of particular interest to all of you who want more knowledge of legal and privacy issues.
Secure Code
To complete the book, there's a chapter dedicated to developers, which discusses the development of secure Internet applications. Here you'll be able to read about common sources of programming mistakes, exploiting executable code, application-level security, coding standards, and more.
The verdict
This book manages to shed new light on the problems of security implementation by explaining the position of the system administrator and the position of the IT manager, in order to make them both understand their role in the overall process of security in the company. It's a good idea to give it to both your IT manager and your system administrator; they will both learn from it and in the process start to understand each other on a new level. With this book, you basically learn to think on a larger scale.
There are not many downsides. There are basically only two things that I didn't like about this book: the lack of resources and (in parts) the writing style. There are not enough resources listed, and I always like to be pointed to more information. As regards the writing style, it's obvious that this book was not meant to entertain in any way, but it sometimes seems a bit too serious. I always believed that learning should be fun. That's just me :)
Overall, this is an excellent book, two thumbs up!
If you're interested in hearing what one of the authors of the book has to say, you can check out an interview with him here. You can purchase Internet Site Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Interview With Jon Callas of PGP Corp
LogError writes "Jon Callas, one of the co-founders of the new PGP Corporation, is an innovator and an acknowledged expert in all major aspects of contemporary business security, including cryptography, operating system security, public key infrastructure, and intellectual property rights. Read the interview at Help Net Security." -
Online Bank Security: Cover Your Assets!
LogError writes: "Randy M. Nash writes in this article: 'Why are there so many concerns about online banking? Where is the breakdown in security? Even brick and mortar banks have internal networks that must be secured. It's my understanding that these are very well secured indeed. What happens when these security-conscious organizations move their presence to the Internet?'" -