Posted: Wed Mar 02, 2005 1:51 am Post subject: Book Review - Network Security Using Linux
Network Security Using Linux
Author: Michael Sweeney
Publisher: Packet Press, http://www.packetpress.net
Date Published: January 2005
Book Specification: Softcover, 230 pages
Category: Linux, Network Security
Publisher's Suggested User Level: Not Rated
Reviewer's Recommended User Level: Intermediate
Suggested Publisher Price: $21.95 (Print), $10.00 (PDF), $26.95 (Print with CD)
In the world of network security, Linux is encountered in a variety of situations. It appears on modern networks as clients, servers, and as the security devices themselves. Linux is a versatile operating system and can be made to run as just about any network or security device you care to mention.
Some of the things you need to do to make a Linux security device, such as a firewall, Intrusion Detection System (IDS) or a logging server, can be complex and often involve trying to find the relevant information from a variety of incomplete sources, such as manual pages, online documentation and newsgroup or forum posts. All of this makes configuring some Linux tools quite hard work. Enter 'Network Security using Linux'...
'Network Security Using Linux' opens with a chapter on TCP/IP. This serves as a useful refresher for those with basic TCP/IP knowledge, or those who haven't worked in the field for a while and need to revise their knowledge, and will be a useful introduction to the first-timer, but is by no means a complete explanation of TCP/IP. Of course, in a book such as this, a complete discussion of TCP/IP would be out of place, and take away valuable page-space from the remaining topics of the book.
Chapters 2 and 3 relate to firewalls, and cover a few of the more popular Linux-based firewall distributions, as well as iptables itself. Again, there is not enough detail for a complete guide to iptables-based firewalling, and in this case it perhaps would have been useful to be included. Whilst the basics are there, it is not coherent enough to act both as an introduction and a reference, and you'll almost certainly find yourself turning to the netfilter (iptables) manual or documentation for all but the most primitive of firewall setups.
Chapter 4 covers the topic of updating Linux. This is a difficult area to discuss, as each distribution uses its own tools to manage software installation and updating. The author does quite a good job in this section of covering many of these, and even discusses kernel updates. There are, however, notable omissions, such as details of updating the Slackware distribution, which is a common choice for security-critical Linux systems due to its minimalistic nature.
Chapter 5 brings with it a whirlwind tour of cryptography, and introduces the field sufficiently for the purposes of discussing GnuPG, SSH and SSL, which are all covered in this chapter. The chapter also discusses SSL certificates and Apache's mod_ssl, which provides secure HTTP capabilities to the Apache web server.
Chapter 6 discusses intrusion detection, and covers the popular Snort network intrusion detection system (NIDS), as well as a brief overview of a few host-based IDS. This chapter is quite detailed, and covers installation, configuration and management of Snort, including a discussion of some tools for analysing Snort logs and producing reports. This is probably the best chapter in the book, in terms of relevant content and completeness.
Chapter 7 discusses Virtual Private Networks. It focusses on OpenSwan, an open-source VPN system for Linux, and once again contains a fairly detailed discussion of the relevant technologies.
Chapter 8, covering logging, is the last topic-specific chapter in the book, and covers syslog configuration, remote logging, log rotation and syslog-ng, an updated system logger. This chapter also covers the topic of logging Windows server events to a syslog server, and tools to convert Windows logfiles to syslog. This is an essential topic for most modern networks, which often contain Windows systems interspersed with the Linux systems.
Chapter 9 summarises the content of the whole book into a few pages, and lists a few "rules" to follow when securing a Linux system or network. In effect, this chapter repeats the conclusions and opinions stated elsewhere in the book, and is somewhat redundant in that sense.
Finally, there is an appendix containing a basic introduction to Linux commands for those who have not used Linux, or are not comfortable with the command-line. This section is almost certainly out of place in this book, since much of the content assumes a working knowledge of Linux prior to reading. Indeed, as a newcomer to the Linux operating system, you would find it difficult to make use of the majority of the information this book has to offer.
Style And Detail
The layout of the book is reasonably logical, with chapters for the various aspects of network security and Linux. The only thing that didn't make sense to me was putting the chapter on logging at the end. Whilst logging is hardly the most interesting of topics, it should have been discussed prior to the chapters on firewalls, IDS and VPNs, all of which make use of logging systems. You may find it better to read chapter 1, then skip to chapter 8 before returning to chapter 2.
In terms of readability, the book seemed somewhat rough and in need of editing. There are several places where obvious typographic errors enter the text, and the discussion is sometimes broken and hard to follow. Furthermore, there are a lot of code samples and output listings in the text, some spanning several pages. These would be better suited to an appendix, with only those lines relevant to the discussion directly included in the chapter. As a result of these minor layout and style problems, the book appears rough and is in need of significant work to polish it into a coherent text.
After reading this book, I'm unsure as to its actual use. Those who do not know much about Linux will find it hard to follow, and probably won't get much out of it, whilst those who are more comfortable with Linux would be better served by individual references on the tools or technologies, as each would be presented in a book dedicated to that topic, allowing for much more in-depth discussion, and even reference sections.
The only market I can see for this book is for those people just getting into Linux security or Linux system administration. It will offer an overview of how all of the various technologies interconnect and interact, but such people would still need to find more information from other sources to effectively secure a network using Linux. In that case, this book falls slightly short of its title, and I can't give it more than a 4 out of 10.
This book shows potential, but it needs a second edition to refine the layout and style, and to enhance the parts which are lacking in detail, to bring them up to the standard of chapters 6 and 7. Indeed, the only reason this book deserves a score of 4 is the detailed discussion of IDS and VPNs in those two chapters.
The book is published in both print versions and online PDF versions. This review covers both the print and PDF versions.
This book receives an SFDC Rating of 4/10
Andrew J. Bennieston,
Keywords: Linux, Network Security, Snort, IDS, VPN, SSH, iptables, firewall
This review is copyright 2005 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
Last edited by Stormhawk on Mon Mar 14, 2005 5:04 pm; edited 4 times in total