Slashdot Mirror


Network Security Hacks

Anton Chuvakin writes "When I first got this little book called Network Security Hacks, I was unimpressed by its idea: a seemingly random collection of network security tips combined under the same cover. However, when I started reading, more and more often I exclaimed "Ah, that's how it is done!" as well as found better ways of doing what I was doing." Read on for the rest of Chuvakin's review.

- Title: Network Security Hacks
- Author: Andrew Lockhart
- Pages: 312
- Publisher: O'Reilly
- Rating: 8
- Reviewer: Anton Chuvakin
- ISBN: 0596006438
- Summary: Surprisingly good; packs a lot of network security knowledge into a small book.

The book is structured around many security subjects. These are: UNIX, Windows, Network Security, Logging (covering collecting, summarizing and analyzing log files), Monitoring (covering system and network monitoring and collecting various statistics), Tunnels (covering various kinds of VPNs and encrypted communication), Intrusion Detection, and Recovery and Response (short section covering very basic forensics).

Each section has a dozen or more tips, each taking from a page to several pages. For example, looking for SUID and SGID files takes just half a page, while installing and configuring Snort NIDS takes several pages. As a result, the style is understandably terse and to the point.

The book ended up being one cool collection of tips, ranging from mundane ('how to configure iptables on Linux') to fairly esoteric ('how to use MySQL as an authenticating backend for an FTP server'). If you've always wanted to use 'grsecurity' or 'systrace,' but thought they were too complicated - grab the book and give it a shot. If you want to set up a fancy encrypted tunnel between two networks, it covers that too. Admittedly, a lot of advice given in the book can be found on Google, but it is nice to find it in one place. Network Security Hacks covers selected topics in host security, SSH and VPNs, IDS, monitoring and even touches upon forensics. I also liked its multi-platform coverage, with a slight but unmistakable UNIX/Linux bias.

Overall, Network Security Hacks is a great book, provided you don't try to find in it something it isn't; it is a neat collection of simple network security tips. I somewhat disliked that many tips don't go beyond 'how to install a tool' and so stop short of discussing how to use it best. Another gripe: I'd rather some of the tips skipped the obvious (such as "./configure; make; make install") and focused on little known and cool ways to use technology for security. Network Security Hacks will be useful for people involved with system and network management, those starting up in the security field, as well as for more advanced professionals (as a way to check their knowledge and skills). Also, it helps folks to jump straight to effective ways of doing things in the areas where their skills are less developed.

For example, I knew it was possible to use SSH to create a makeshift VPN, but this book is the first I've seen with a really good description of doing so. Similarly, I found some neat MySQL hardening tips in the book. Overall, there is a lot in the book for most people who are somehow involved in computer security, particularly if they're also running UNIX or Linux.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company, author of Security Warrior (and contributor to Know Your Enemy II), and maintainer of security portal info-secure.org.

8 of 107 comments

  1. Google by Roland Piquepaille · · Score: 5, Insightful

    Admittedly, a lot of advice given in the book can be found on Google, but it is nice to find it in one place.

    Well duh...

    Google knows everything, therefore includes any book, just like sea water contains sugar (and almost any known chemical compound) but it's so diluted it would make a lousy sweetener. Therefore, books are good, whether or not Google contains the information in the book.

    1. Re:Google by Neil Blender · · Score: 5, Insightful

      Google knows everything huh? How about all of the potential pages built dynamically as the result of DB queries?

      Google groups knows damn near everything. I have been using it since it was Deja News and I have to say, I have learned more from it than the next top ten resources at my disposal combined. Type in the most specific keywords and 'Re' (this gives you responses to questions) and you will get answers fast. Google groups is god.

    2. Re:Google by Ryosen · · Score: 2, Insightful

      No doubt he put that comment there to head off the obvious, non-essential and (frankly) lame comments from others who post "big deal, I can find this info on google." Which is fine. But I can find it all in this $16 book much quicker...and it's indexed.

      --

      Ryosen
      One man's "Troll, +1" is another man's "Insightful, +1".
    3. Re:Google by sapgau · · Score: 3, Insightful

      It's a catch-22. Google knows everything as long as you ask with the right keywords (i.e. jdbc, rmi, DCOM, etc.) If you have no idea what acronyms to include in your query then you are stuck. A good place to get a starting point on the acronyms is reading them from a book!!! :o)

    4. Re:Google by WuphonsReach · · Score: 2, Insightful

      It's a catch-22. Google knows everything as long as you ask with the right keywords (i.e. jdbc, rmi, DCOM, etc.) If you have no idea what acronyms to include in your query then you are stuck. A good place to get a starting point on the acronyms is reading them from a book!!!

      Or subscribe to a good technical rag, or skim the newsgroups or mail lists regularly.

      As they like to say, "Knowing is half the battle"... yeah, simply knowing that something exists and what it might be called. I may not know anything about SYN floods today, other than they exist and are generally used as an attack mechanism. But that's plenty enough information to enable me to go read up on them in a few hours for when I really need that knowledge.

      I can't know everything, but I make sure I know where to find out.

      --
      Wolde you bothe eate your cake, and have your cake?
  2. sorry ...but I'm not impressed by brunokummel · · Score: 3, Insightful

    With a title like Network Security Hacks I would expect much more than teaching me how to install a program on my computer or how to use SSH to tunnel a connection like the reviewer has said.
    Sorry if I'm being mean but you can learn just as much by reading the manpages or by using Google after the how-tos.
    If you really want to learn something useful about networks I suggest the good old Richard Stevens.

    --
    What is best in life? To crush your enemies, to see them driven before you and to hear the lamentations of their women.
  3. Why is military IT not as good as it could be? by attemptedgoalie · · Score: 4, Insightful

    Wonder why the Air Force and other military branches don't have superior IT staff?

    When their time to re-enlist comes up, they can take that knowledge (and security clearance) and go get paid 5-10 times what the service pays them to work for a contractor to the NSA, FBI, CIA, or the big defense contractors.

    Why would you stay?

    Wonder why there are so many guys not re-enlisting? Is it that they don't want to serve or go back to Iraq? Nope. They see the private security guys there making 10-20 times what they make for the same job...

    I see a trend here.

    --
    My mom says I'm cool.
    1. Re:Why is military IT not as good as it could be? by OhHellWithIt · · Score: 2, Insightful

      The financial incentive was there before 9/11. Several years ago, a college friend who has a B.S. in mechanical engineering let slip the amount of her naval officer's pay. It was about 2/3 what I was getting in private industry with a liberal arts degree. Knowing her personality, she wasn't in it for the money, but out of dedication to the U.S.

      It really bugs me that our military personnel get the short end of the stick, financially, when they face risks most of us do not. (After all, did YOUR boss decide to invade Iraq?) I've heard that U.S. soldiers returning from Iraq on leave are responsible for paying their own transportation from wherever the military drops them when they hit the ground. IMHO, they deserve a first class ticket from there back to their families.

      --
      "Who controls the past controls the future. Who controls the present controls the past." -- George Orwell