Real World Linux Security, 2nd Edition
Who's behind this book?
The author of this book, Bob Toxen, is one of the 162 recognized developers of Berkeley UNIX. He has more than 28 years of UNIX and 8 years of Linux experience. Trivia from his resume includes that he was one of the four developers who did the initial port of UNIX to Silicon Graphics hardware, that he was an architect of the client/server system used by NASA's Kennedy Space Center and that he wrote the "The Problem Solver" column for the popular UNIX Review magazine. Currently he is president of Fly-By-Day Consulting, Inc., offering Linux security-consulting services.
The cover
The Real World Linux Security cover features Cerberus, the three-headed dog that guarded the entrance to Hades, the underworld of Greek mythology where the dead ended up. Cerberus was there to stop the demons of Hades from escaping into our world and, vice versa, to stop the living from entering Hades. Mr. Toxen draws a metaphor connecting the three-headed demon dog to a system administrator. How come? "This is not unlike the security aspects of system administrator's job and it certainly seems to require three heads to keep ahead of the problem," he notes.
Inside the book
From the introductory credits, you can see that this book will be an interesting read. The author has a lot of expertise in the Linux/UNIX area, which lends credibility to the book's title "Real World Linux Security." Another big plus is that the book has about 800 pages of valuable information, divided into these four interest areas:
- Securing your system
- Preparing for an intrusion
- Detecting an intrusion
- Recovering from an intrusion
- Weak and default passwords
- Open Network ports
- Old software versions
- Insecure and badly configured programs
- Insufficient resources and misplaced priorities
- Stale and unnecessary accounts
- Procrastination
If you are interested in various aspects and details on securing your system, you'll enjoy the first 400 pages of the book as it deals with:
- quick fixes for common problems (shutting down unnecessary services, using quality passwords, limiting access)
- common subsystem hacking (playing with sendmail, POP and IMAP servers, samba etc)
- usual hacker attacks (rootkits, packet spoofing, man in the middle and other common attacks)
- advanced security issues (apache and web server security techniques, buffer overflows)
After securing your system, what should you do as the next step? Well -- secure it even more, of course. The second part of the book continues with hardening the system, which is a must when preparing for the possibility of an intrusion. A possible intrusion must always be on your mind, as no one is safe when connected to the Internet. Vulnerability scanners deployed by crackers don't see the difference between your home computer, a test e-commerce server or a big consultancy company's server -- if you have a vulnerable service running on it, you'll probably get burned. This part introduces you to the world of protecting user sessions with SSH, Virtual Private Networks, PGP/GPG cryptography, firewalls and DMZs, and preparing your hardware for security readiness. I should especially note the excellent coverage of iptables, with some helpful rule sets both printed in the book and placed on the CD.
This publication also bears in mind the situation of your system being compromised. It is noted that probably 10-20 percent of the people reading this book will suffer a system break-in. By proactively monitoring your system and keeping up to date with security web sites, you can reduce the risk of someone hacking your system to a minimum. As any quality security book should, Real World Linux Security also deals with the system administrator's darkest moment -- a successful compromise. The author explains the steps of regaining control of your system, finding and repairing the damage, tracking the attacker, and sending him/her/them to prison.
As a notable addition, the author doesn't restrict himself to Linux security alone. As a true expert in his field, he walks into some areas that aren't closely connected with Linux, but with security in general. One example is a 20-page chapter dealing with security policies. In this mini-guide for decision makers, he walks us through the possible policies - from accounts and e-mail to network topology, problem reporting and even policy policies.
Another good part that came from Mr. Toxen's experience is a section called "Case studies." Several stories in this section describe actual cases that can be compared with classics of hacking history such as "Masters of Deception: The Gang That Ruled Cyberspace" by Slatalla/Quittner and "Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage." The stories range from old-school cat-and-mouse games with Berkeley sysadmins back in the late seventies and building virtual-machine trojans, to the latest issues with easy DNS information changes and Microsoft's Visual Studio .Net shipping with the Nimda worm.
The CD-ROM
The accompanying CD-ROM contains the author's own software for instantly locking out attackers and alerting system administrators. There are also exclusive iptables and ipchains firewall rules, as well as a collection of tools for monitoring network health, detecting and reporting suspicious activities, securing backups, simplifying recovery etc.
The CD has two main folders: "book" and "net." The "book" folder contains up to 100 files, mostly written by the author especially for the needs of this book. These files include the Cracker Trap software, sample iptables and ipchains scripts and various useful programs for different security-related activities. The other folder contains about 40 MB of security software that the author used as references in this book. The tools in this section include: crack, firestarter, sniffit, john the ripper, LIDS, netfilter, ntop, samhain, snort and more. As you can see, Mr. Toxen has really worked hard to make this CD a worthy addition to the book.
The verdict
After reading some of the comments on the first edition of this book and briefly taking a look at the chapters of this second edition, I knew it would be a great read. After reading it, I must say that "Real World Linux Security" is even better -- I can even say terrific. In the aforementioned 800 pages, this book proves to be pure gold when we are talking about all aspects of Linux security. Well written, filled with lots of interesting tips and facts about securing the Linux environment, the book can be used both for building your knowledge and as a reference in your future security-related work.
The release of a second edition of this book has proven to be a good choice, and I am really looking forward to a possible third edition in the future.
An interview with the author is available here.
You can purchase Real World Linux Security from bn.com.
And his book is definitely on my "must buy ASAP" list!
:-)
For more info, refer to this interview on Linux Online and also to this article in UNIX Review.
I mean, the guy was already hacking UNIX systems when Bill Joy was his system administrator!!
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Could you please suggest a speed reading course that would allow me to read an 800 page book as fast as the /. book reviewers do?
"Make-Believe Windows Security"
While the review indicates LIDS is included in the CD, it does not mention if it is well covered in the text. I believe a Linux security book could really benefit by including a good discussion of LIDS. I find the available LIDS documents a bit lacking, specifically in relation to applying LIDS to a real system, with real users, running real services.
Anybody know how LIDS is dealt with in this book?
SlashDot must have some deal worked out with BN* since they are recommending you buy reviewed books there when they can be bought much cheaper ($34.99 at Amazon) elsewhere on the web.
* Full disclosure: yes I have a 'deal' worked out with Amazon in the form of their affiliate program, but it seems the typical shopper should care more about how much they are spending rather than where they are spending it.
Work for Change & GET PAID!
If it was windows security it would be 8,000
I was going to put that on my list of things to watch out for.
They intend for you to find the person trying to break into your network...and beat them with the 800 page book...
Why call it "Real World Linux Security"? The book sounds more like a book on *NIX security to me. Is this because Linux is pop, or what? Sheesh. The writer was even a developer of Berkeley Unix. :-/
I demand the Cone of Silence!
If you run a server and have no idea how to secure it, this book will get you to plug all the obvious holes in short order.
After that it's just a question of how much time and effort you want to expend being safe from the more determined attacks. The strength of this book is that it is organized so you can get the most from your early simpler efforts, but still goes into as much depth as you need if you want to get really serious.
Recommended.
The accompanying CD-ROM contains the author's own software for instantly locking out attackers and alerting system administrators. There are also exclusive iptables and ipchains firewall rules, as well as a collection of tools for monitoring network health, detecting and reporting suspicious activities, securing backups, simplifying recovery etc.
When you say exclusive, I hear closed license. Is that the case? If I get the book, and look at the iptables and ipchains configs provided am I actually allowed to use it on my own firewall box? Am I allowed to recommend them to my friends? My employer?
The review says the author's own software is also included. What sort of license is it provided under? Is there a EULA with proscriptive provisions? Will I only find out about the license/EULA after I have bought the book and loaded the CD?
Work for Change & GET PAID!
I can't believe B&N would sell this for $47... I guess they are relying on laziness. A few mouse clicks will generally yield better results.
Who's behind this book?
The author of this book, Bob Toxen, is one of the 162 recognized developers of Berkeley UNIX. He has more then 28 years of UNIX and 8 years of Linux experience. Trivia from his resume includes that he was one of the four developers who did the initial port of UNIX to Silicon Graphics hardware, that he was an architect of the client/server system used by NASA's Kennedy Space Center and that he wrote the "The Problem Solver" column for popular UNIX Review magazine. Currently he is a president of Fly-By-Day Consulting, Inc. offering Linux security-consulting services.
Yes, yes -- but is he qualified?
why run from Vincenzo?
Imagine how many pages would a Windows security book would take.
RAID 1 reading: get a bunch of reviewers and make them read different chapters from different copies
RAID 0 reading: split the book in several parts and get a bunch of reviewers and make them read different chapters
Promise reading: get a reader read the odd line numbers and other the even ones
bookpool
Suncoast Linux - Sarasota, FL
t_t_b
I'm on PJ's "enemies" list! Are you?
What I noticed about the new editions of both books is that HLE took out stuff that's no longer relevant and/or put it online instead, while RWLS just added (often repetitive) stuff. You get a much better bang for your buck with Hacking Linux.
Also, hacking linux is donating any money they make from sales to the EFF. See their site for more info.
http://online.securityfocus.com/archive/98/301300/2002-11-24/2002-11-30/0
I was watching this thread a while back that started out as "Are Bad developer libraries the problem with M$ software" and evolved into "Security Education in the Workplace".
Last night, I was wearing my DEFCON shirt while doing some Christmas shopping, and the kid behind the counter at Bookman's commented on it. Well, he turned out to be a THIRD year C.S. student from ASU... he bitched about how ASU and his last professor stressed (crammed down his throat, he said) security, so now he doesn't care about writing with security in mind. No, he said he would never write code with security in mind.
He said he'd write the code but never personally use it.
I really lost all respect for him, and at first I was pissed, but then again, that can't be such a bad thing.
I'm competing against the likes of him, and he just lowered the bar.
As the threads mentioned above point out, it's really about programmers and the entire IT infrastructure being educated about security. At least, our CTO and CIOs should be aware about security, and have the knowledge to know that the kid from ASU would be a liability to a company and their clients.
That's the second half of the problem. The second half is just lazy developers who just copy structures blindly or move strings blindly without any checks.
Ben, you've become an UberGeek! Take me as your padawan!!!
I'll guarantee the Greeks did not spell it Kerberos, since they didn't use those letters much at all. I can't include the Greek letters in the post (or at least don't know how).
Cerberus is a Latin transliteration, rather than a "spelling", since you cannot spell a Greek word without the Greek letters. We transliterate it as Kerberos because our pronunciation of the letter C would tend towards a soft pronunciation if we spelled it like the Romans. Their letter C was always hard. Similar with the o or u.
Since a lot of our literature is from the Romans, the Latin spelling has persisted, and as with many Latin words, we have changed the pronunciation and often say SERberous when we see "Cerberus".
However, neither Cerberos nor Kerberos is more Greek than the other. It is still the Greek mythological three-headed dog protector of Hades.
-Jacob
Thank you for the info!
To begin with, I got a lot of useful information out of this book. Bob Toxen knows his stuff, and he does a reasonable, if not superb, job of explaining it.
However...
Had it been on any other subject, I probably would have put it away and gone looking for a better book not long after buying it. The only reason it was as useful as it was to me was that at the time, it was the only Linux-specific security book I could find. While there is good information, it is incredibly badly organized. The various tips seem to be haphazardly scattered around the book rather than carefully organized into any coherent scheme; and what's worse, it's redundant. Badly redundant. As I recall, many passages and some paragraphs are repeated word-for-word at different places in the book. Security issues are sometimes covered twice over in different parts of the book, artificially inflating the content. Toxen also comes across as someone who thinks of himself as a real bad-ass cowboy of the UNIX world, which contrasts poorly with the professional, occasionally wry tone of the classic O'Reilly UNIX books to which this book must naturally be compared.
Basically, the first edition was a good collection of tips and tricks, although no more so than your typical top-tier UNIX security website offers. What it badly needed was the hand of a competent editor to clean up the writing and the organization. Hopefully this second edition received such a treatment.
--
CPAN rules. - Guido van Rossum
They're just his preferred scripts, etc. The 1st Edition had most of it under GPL or BSD licenses; the remainder were under a "free for personal use" licence as long as the original author is acknowledged. Most of the configs and scripts were printed verbatim in the text also.
C|N>K
If you're trying to fault him for an allegiance to BSD instead of Linux, consider that his BSD work was 15 years before Linux even existed!
Doh!
I went to U.C. Berkeley with the author and have a very similar history to his (look for me in the book ;-). We both specialize in Linux these days, not BSD.
And yes, the book is about Linux.
What, you think that maybe if you open it, it would be all about BSD security despite the title??? Why comment about what you don't know and haven't bothered to check? Bizarre.
Professional Wild-Eyed Visionary
Yah, there are too many books in the world! Burn them! :-)
sifting through all that to get to the fresh information is tedious
If you're knowledgeable enough to already know all of the old information, why would you even consider reading a new book? Perhaps you should be writing your own book.
Oh wait, no, I forgot the "too many books in the world" point. Certainly wouldn't want to contribute to that evil!
Brand new, cutting edge, up-to-the-moment security information you get from various web sites, not books -- as you surely know.
Professional Wild-Eyed Visionary
Thanks for putting up the link to the article I wrote with Bob for Unix Review; browsing it really brings back nostalgic memories.
Professional Wild-Eyed Visionary
The book's author answered a direct question here...someone please mod this up to at least a 2 or 3 so that it stands out from the background (currently it's just a 1).
Professional Wild-Eyed Visionary
I just thought I would mention that this book will likely be on Oreilly Safari since the Rev. 1 is already there. I'm a big fan of Safari since I: rarely read a tech book cover to cover, I have a shelf of outdated tech books and I like their search features. [disclaimer] I have no affiliation with Oreilly Safari other than I subscribe to the service [/disclaimer]
I think you are correct in part -- lots of it certainly is applicable to Unix in general, and some of the anecdotes give warnings that would be useful even on non-Unix systems like Windows.
But the focus is nonetheless on Linux.
BTW the author posted several comments here under the user name "Real World Linux Sec" (it was truncated), but not until fairly late in the day, so most readers of the story didn't see them...search the page if you're interested to see his responses to questions.
Professional Wild-Eyed Visionary