Joined: 18 Apr 2002
Location: Kuala Lumpur, Malaysia
Posted: Thu Apr 08, 2004 11:49 am Post subject: Book Review - Hacking Linux Exposed 2nd Edition
Hacking Linux Exposed: Linux Security Secrets & Solutions (Second Edition)
Author(s): Brian Hatch & James Lee
Publisher: Osborne McGraw-Hill
Book Specifications: Soft-Cover, 721 Pages
Category: Linux Hacking and Security
User Level: Familiarity with TCP/IP, basic Linux admin etc.
Suggested Publisher Price: $49.99 USA/ $74.95 CAN/ £36.99 Net UK (inc of VAT)
Amazon.co.uk: Hacking Linux Exposed 2nd Edition UK
Amazon.com: Hacking Linux Exposed 2nd Edition US
Special Discounted Security Forums Price : £27.74 UK GBP - http://www.mcgraw-hill.co.uk/securityforums
Info from Back: "Secure your Linux network by thinking like an attacker. Evolving Web technology and new software releases make online security more challenging than ever. The number of hackers--both sophisticated crackers and script-kiddies--is growing constantly, and it's just a matter of time before your network becomes a target. Hacking Linux Exposed, Second Edition shows you step-by-step, how to proactively defend against the latest Linux-specific attacks by getting inside the mind of today's most devious hackers."
I'm sure by now the majority of you are familiar with the Hacking Exposed (HE) series, and have probably read at least one of the offerings from the series. The HE series aims to give real-world information based on the experience of experts in their given arena of security without being over-technical, but still providing enough detail. This will be the second in the series I have reviewed, the first being: Hacking Exposed 4th edition Review.
Before starting this book I was fairly up on Linux security (so I thought!). This book has an incredible amount of depth; it exposes the flaws and exact solutions to a multitude of problems. Through the course of reading this book I picked up many new tips, tricks and ideas I never would have thought of. One example being the use of syslog, logging to an IP address of a machine that doesn't exist, then using another non-visible machine to 'sniff' the traffic and log the syslog packets, thus rendering any attacks against the bogus syslog machine futile.
HE:L covers all facets of Linux security and general good practice; it skips all the needless theory that many books waste too much time on. If you want technical, up-to-date information on Linux, understanding the threats and implementing the solutions, this is the book.
Details of updated material
In this second edition, the authors aimed to keep the essence of the first book and the series and make the book a standalone. They also wished to compress, trim and tighten the whole thing to make it more efficient, easy to read and useful. Some chapters have been removed completely, but are available on the website, and some sections have been split into new chapters to give them more focus.
The layout has also been re-arranged almost completely. All of the basic core subjects have been moved to the front of the book so you can digest them before digging into the more technical stuff (native Linux security, buffer overflows, format string attacks etc.). There is now an entire chapter covering Denial of Service attacks and a new section devoted to the actions an attacker may take after he's compromised your machine.
With this second edition a lot of time has been spent on the organisation of the book; it flows very well and the information (there is a lot of it) is organised in an intuitive manner. The book is split into 6 main sections, which are as follows:
- Locking into Linux
- Breaking In from the Outside
- Local User Attacks
- Server Issues
- After a Break-In
Each section has many subsections, detailed in a more complete and comprehensive contents list located HERE. An example of Chapter 1 can be found HERE (PDF).
HE:L starts out with contents at a glance, basically the above 6 sections and their major subsections. It then moves to a comprehensive contents listing as linked to above; following this there are the acknowledgements. One thing I will note is the HE series in general tends to have very good introduction sections, and this book is no exception. There is a brief textual introduction, a section detailing what's new in the 2nd edition, an explanation of the graphics and conventions used in the book and a very useful section outlining how the book is organised with a short paragraph on each chapter.
The new organisation is nice; the book starts with a section on Linux native security measures: setuid problems, file permissions, user management, aliased commands, groups, privileged ports and so on. Any professional, well experienced Linux admin will know most of this chapter already, but for anyone who is not a Linux guru it's great stuff explained in an easy to digest manner. After this come basic flaws such as failing to drop privileges, buffer overflows, format strings and race conditions. This means that throughout the book, as the more complex subjects are covered, you will already have a good grasp of the fundamentals, which a lot of books forget to do, or they mix the basics in with the complex stuff leading to information overload (overflowing the cerebral buffer).
From here we continue on with some great proactive security measures and practical ways to apply them; following this comes a more 'hacker' oriented section covering breaking in from the outside, including some advanced network attacks such as DNS, MITM and WLAN techniques. Local user attacks (mainly privilege escalation) are dealt with in detail, a section many books skirt over or fail to mention altogether. Following this is the chapter on server issues; for once Sendmail is not the only MTA covered! Problems with Sendmail, Qmail, Postfix and my personal favourite Exim are addressed. FTP is then covered in great detail, the weird inner workings as well, an area which is still a mystery to many. The most interesting section for me was the one on backdoors, which for once in this book is a substantial chapter.
To summarise, pretty much every facet of Linux security is covered in good detail; this book teaches you that disabling unnecessary services and patching regularly are only the tip of the iceberg. It's also nice to see more than just tars and rpms covered; updating & configuring Debian machines is also covered.
Style and Detail
If you are already familiar with the HE series, there's not much I can say about the style. I personally love it: it's very easy to read, easy to find specific information, and the use of icons and graphics is a good, visual way of aiding information digestion.
If you are not familiar with the HE style, they use a few icon conventions: a bomb to indicate a type of attack, a warning sign to indicate a countermeasure, then 3 boxes to signify a Tip, Note or Caution. This, as I mentioned above, makes it very easy to pick information out at a glance rather than wading through pages of text.
The writing style is fairly casual, akin to the rest of the series, and I found this book a lot more technical than the others. The others tend to focus solely on tools and how to use them rather than how they work; as we are dealing more with an OS and open source software, this book gives the lowdown and technical specifics on how things work. The level of detail is excellent and not too overwhelming.
To conclude briefly, if you have a Linux machine online you need this book. The information is up to date, and as we are dealing with Linux here, not MS, the base system doesn't change hugely and frequently, so the core principles will remain relevant for a long time to come. Many of the techniques here can also be applied in some form to other operating systems such as BSD and perhaps the new Mac OSX.
It would pay to be somewhat familiar with at least the basics of Linux before ploughing through this book, as it does get fairly technical. Either way there is something here for the beginner, the regular Linux user and the more advanced admins and developers.
A well researched, factual, useful and entertaining SFDC 9/10 from me, a must have for anyone with a Linux box online.
Security Forums Discount
The publishers McGraw-Hill have kindly set up a discount section for Security Forums' users. Discounts can be up to 30% off the RRP and postage is free on all orders over £20 in the UK & Central Europe.
Keywords for this post: Hacking Exposed Linux Networking Hack Security Secrets and Solutions Book Review 2nd Edition Second HE
This review is copyright 2004 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
Last edited by ShaolinTiger on Fri Apr 09, 2004 10:19 am; edited 2 times in total
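The decoy-syslog trick the review mentions (hosts log to an IP address nobody answers, and a silent box on the same segment captures the datagrams) needs something on the sniffer side that turns raw UDP port 514 payloads back into usable log records. The following is an added example, not code from the book or from the reviewer: it decodes BSD-style (RFC 3164) syslog payloads, keeps only those addressed to the decoy address, and flags the serious ones. The decoy address `192.0.2.50`, the sender addresses and the datagrams themselves are constructed for illustration; capturing them (a `udp port 514` filter on the sniffer's interface) is outside the block. One practical caveat: if the decoy address sits on the sender's own subnet, no host answers ARP for it and the datagrams never leave the sender, so each logging host needs a static ARP entry for the decoy address.

```python
"""Decode syslog datagrams the way a passive decoy-loghost sniffer would.

Added example; not from Hacking Linux Exposed or the reviewer.
The datagrams and addresses below are constructed for illustration.
"""
import re
from typing import List, Optional, Tuple

# Hypothetical decoy loghost address (TEST-NET-1, nothing answers here).
DECOY_LOGHOST = "192.0.2.50"

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164 BSD syslog: <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG
_SYSLOG_RE = re.compile(
    rb"^<(?P<pri>\d{1,3})>"
    rb"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    rb"(?P<host>\S+) "
    rb"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?"
    rb"(?P<msg>.*)$", re.DOTALL)


def parse_syslog(payload: bytes) -> Optional[dict]:
    """Return a record for one UDP payload, or None if it is not syslog."""
    m = _SYSLOG_RE.match(payload)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                      # facility 0..23, severity 0..7
        return None
    return {
        "facility": FACILITIES[pri >> 3],
        "severity": SEVERITIES[pri & 7],
        "timestamp": m.group("ts").decode(),
        "host": m.group("host").decode(),
        "tag": m.group("tag").decode(),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "msg": m.group("msg").decode(errors="replace"),
    }


def collect(datagrams: List[Tuple[str, str, bytes]],
            decoy_ip: str = DECOY_LOGHOST) -> Tuple[List[dict], int]:
    """Keep only datagrams aimed at the decoy; return (records, unparsed)."""
    records, unparsed = [], 0
    for src, dst, payload in datagrams:
        if dst != decoy_ip:            # stray traffic, not meant for the decoy
            continue
        rec = parse_syslog(payload)
        if rec is None:
            unparsed += 1              # worth counting: someone may be probing
            continue
        rec["src_ip"] = src            # the real sender, from the IP header
        records.append(rec)
    return records, unparsed


def alerts(records: List[dict], min_severity: str = "err") -> List[dict]:
    """Records at least as severe as min_severity (lower index = worse)."""
    limit = SEVERITIES.index(min_severity)
    return [r for r in records if SEVERITIES.index(r["severity"]) <= limit]


def format_line(rec: dict) -> str:
    """Render a record in the form the sniffer would write to its own log."""
    pid = f"[{rec['pid']}]" if rec["pid"] is not None else ""
    return (f"{rec['timestamp']} {rec['src_ip']} {rec['host']} "
            f"{rec['facility']}.{rec['severity']} {rec['tag']}{pid}: {rec['msg']}")


# Constructed sample: (src_ip, dst_ip, UDP payload) as a capture would yield.
SAMPLE_DATAGRAMS = [
    ("192.0.2.10", DECOY_LOGHOST,
     b"<34>Oct 11 22:14:15 web01 su: 'su root' failed for lonvick on /dev/pts/8"),
    ("192.0.2.10", DECOY_LOGHOST,
     b"<38>Oct 11 22:14:20 web01 sshd[4711]: Accepted publickey for admin "
     b"from 198.51.100.7 port 51234 ssh2"),
    ("192.0.2.11", DECOY_LOGHOST,
     b"<13>Oct 11 22:15:01 db01 CRON[812]: (root) CMD (run-parts /etc/cron.hourly)"),
    ("192.0.2.10", "192.0.2.99",
     b"<13>Oct 11 22:15:05 web01 logger: not addressed to the decoy"),
    ("192.0.2.12", DECOY_LOGHOST, b"garbage that is not syslog"),
]

if __name__ == "__main__":
    recs, bad = collect(SAMPLE_DATAGRAMS)
    for r in recs:
        print(format_line(r))
    print(f"{len(recs)} records, {bad} unparsable datagram(s)")
    print("serious:", [r["tag"] for r in alerts(recs)])
```

The sniffer keeps the sender's IP from the packet header rather than trusting the hostname inside the payload, since an intruder on a compromised host can forge the latter but not, without more effort, the former; and it counts unparsable datagrams aimed at the decoy, because on a segment where only your own hosts should be logging, anything else hitting port 514 is itself worth a look.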