Posted: Sun Oct 23, 2005 9:50 pm Post subject: Book Review - Linux Security Cookbook
Linux Security Cookbook
Author(s): Daniel J. Barrett, Richard E. Silverman & Robert G. Byrnes
Publisher: O'Reilly http://www.oreilly.com
Date Published: June 2003
Book Specifications: Softcover 311 pages
Category: Linux Security
Publisher's Suggested User Level: Not Rated
Reviewer's Recommended User Level: Intermediate Linux
Suggested Publisher Price: $39.95 US / $61.95 CDN
Amazon.com: Linux Security Cookbook
Amazon.co.uk: Linux Security Cookbook
Blurb from back cover:
Computer security is a complex process, but our easy-to-follow recipes can help improve the security of any Linux system. Need a quick way to send encrypted email within Emacs? Want to restrict access to your network services at particular times of the day? Firewall your web server? Sniff your network? Set up public-key authentication for SSH? Linux Security Cookbook reveals the exact commands and configuration-file entries to accomplish these vital tasks, one step at a time, so you don't have to wade through dozens of manpages. This book is filled with practical, security-related recipes for intermediate-level Linux users and system administrators.
This book is another in O'Reilly's cookbook series and follows the same format as the others. The book covers everything from using and configuring Tripwire and monitoring user account access to protecting your machine on the network. The main purpose of the book is not to teach you the underlying principles; there is no detailed discussion of PKI or how TCP/IP works, and its focus is on the implementation. It does, however, quickly and easily tell you how to implement such technologies and techniques to increase security on your Linux system, and it does it quite well.
Chapter Synopsis & Review Comments
1. System Snapshots with Tripwire
A very good and detailed tutorial on using the features of Tripwire; pity that it was only Tripwire that was covered in detail. I would have liked to see other options, such as some custom scripts, for example. On the whole, though, a great Tripwire resource.
2. Firewalls with iptables and ipchains
Detailed recipes for iptables and ipchains. If you have looked at the manuals for these you'll understand that these firewall tools are very complicated and have many options; it's often hard to find what you need. The recipes presented here give the information needed to get some of the most common firewall functions set up. Although it was not completely comprehensive and was missing a nice complete firewall script, it was very informative and a decent reference.
3. Network Access Control
This is an excellent chapter and covers some of the basic inetd and ssh configuration options that offer a lot of security, but that people often overlook or completely forget.
4. Authentication Techniques and Infrastructures
Really good chapter on authentication; it covers PAM very well and shows you the various ways to work with it.
5. Authorization Controls
Pretty much a focus on sudo here. I'm a recent sudo convert; I never used to value it that much, but using Ubuntu changed that for me and I quite like it. This chapter covers everything most people want to know about using this handy utility.
6. Protecting Outgoing Network Connections
SSH agents and certificates, all that fun stuff. There are tutorials all over the web on this stuff, but it had to be included for completeness and it was certainly covered well enough.
7. Protecting Files
This chapter gives us a good level of detail on file security. It seemed to lack some of the less oft-used file security options; however, it was comprehensive enough to be very useful.
8. Protecting Email
Walk-throughs covering encrypted mail on some of the most common mail clients.
9. Testing and Monitoring
This is by far the best chapter in the book as it covers all the things people usually ask about relating to security: “how do I recover from a hack”, “how do I deal with incident reporting”. A lot of books don't cover this and I didn't expect to see it here, as I thought the book would cover only the technical implementations rather than how to deal with the management side of things.
Style and Detail
Style was similar to all of the cookbook series; if you find the series generally useful then this one is definitely one of the good ones. I sometimes feel that the cookbooks lack a bit of coherence. For example, in this book we are given lots of single firewall rules but no complete script. Reading a tutorial on the same thing would usually involve discussion of all the rules and then pulling them all together for a final example script. There are a few areas in this book that could have used this sort of finalisation. The style within each of the recipes, though, was excellent: each item was explained very well and enough detail was given for the user to work with the technology without being bogged down in masses of peripheral detail.
I'd recommend this book to anyone that was comfortable enough as a Linux user and needing some help building a secure system and getting to grips with all the security options available. There were a few things that I'd consider missing from the book but on the whole it was OK. For more advanced administrators it is possibly a good resource to use as a checklist but not a lot more value than that. Personally, as someone who has studied security extensively and has been a Linux user for near a decade, I found it a handy resource and will probably use it to brush up on commands I haven't used for a while rather than “wading through manpages”, which is the book's real strength: it gives you the same info that is in the manpages but it structures it a bit more logically and cuts out all of the really detailed information that you don't always need to know. If you just want to drop an IP at your firewall, becoming an iptables guru is overkill; reading this book would be extremely effective in that situation.
This book receives an honored SFDC Rating of 8/10.
Keywords: Linux Security
This review is copyright 2005 by Barrie Dempster and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.