Linux Network Security (Administrator's Advantage Series)
| 2005-03-30 00:00:00 | | 0 | Network Security
PROTECT YOUR NETWORK FROM HACKERS!
Linux networks are becoming more and more common, but security is often an overlooked issue. Unfortunately, in today's environment all networks are potential hacker targets, from top-secret military research networks to small home LANs. Linux Network Security focuses on securing Linux in a networked environment, where the security of the entire network needs to be considered rather than just isolated machines. It uses a mix of theory and practical techniques to teach administrators how to install and use security applications, as well as how the applications work and why they are necessary. Starting with the need for security and understanding the problem, the book teaches administrators about packet filtering (firewalling) with iptables, hardening services such as Apache, BIND, Sendmail, FTP, and MySQL to prevent attacks, network analysis, encryption, local security, DoS attacks, and rootkits. Auditing networks for potential vulnerabilities and creating secure passwords are also explored. This is the one book that really details how to secure a Linux network.
KEY FEATURES
* Provides a complete guide to finding, fixing, and preventing holes in a Linux network
* Teaches all the main aspects of securing a small LAN, from routing and topology to configuring UNIX services, with particular emphasis on securing against remote attack
* Teaches how a Linux firewall can be used to protect desktop systems inside the LAN from viruses, spam, and hackers
* Includes a CD-ROM with various open source software that will allow administrators to implement the techniques from the book and begin securing their networks immediately
On the CD! (see Appendix F for more details)
* SOFTWARE Includes John The Ripper password cracker, Ettercap, Nmap port scanner, Nessus vulnerability scanner, Nikto vulnerability scanner, LibSafe stack protection library, TripWire IDS, and Snort 2.2.0 IDS and packet sniffer
* LINKS Hyperlinks to all the URLs mentioned in the book
* FIGURES All the images used in the book
SYSTEM REQUIREMENTS
UNIX/Linux: Linux operating system with a 2.4 or 2.6 (recommended) kernel; Pentium I processor, or equivalent; 64MB RAM (128MB or more recommended); CD-ROM drive; X Windows, optional; 80MB available hard disk space; Perl interpreter; GCC 2.96 or greater
WINDOWS: Windows 98, NT, or greater; Pentium I processor, or equivalent; 128MB RAM; CD-ROM drive; 80MB free hard disk space; Perl interpreter; C compiler
User review
A Linux system is secure if you can depend on it and its software to behave as you expect
The focus of this book is not on formal definitions and theoretical models so much as it is on practical form. But this book, like many other books, does not address these topics in sufficient detail.
Instead, this book emphasizes the use of the security applications, as well as how the applications work and why they are necessary and many other interesting topics.
Yes, this is not the best book about security in Linux servers, but yes, it is a good book for beginners and intermediate users using small LANs.
User review
One of the better books on this subject
If you are a network administrator who needs to get a quick handle on Linux security this would be a very good choice. It covers the basics of security in general (weak passwords, key logging, Trojans, network topology, etc.) as well as security issues that are specific to Linux.
It does a good job of explaining how Iptables are used in a firewall and how to tune the network. Linux Network Security does appear to thoroughly cover all the basic system security considerations including the passwd file, shadowing, enforcing security, using PAM, and SUDO security. The best part of the book is when the author gets to how to choose an appropriate distribution, use a chroot jail, and protect memory.
In addition to the basic Linux security common to all distributions the author discusses role based access control, the Linux Intrusion Detection System, and the secure Linux distribution SELinux. The book ends with sections on securing the most common services for Linux - Apache, SSH, NFS, NIS, DNS, BIND, and FTP. It also includes a section on keeping your system secure using Tripwire.
If you need additional help on specific issues there are six appendixes which cover recompiling the kernel, kernel configuration for networking, firewall scripts, and cryptography. This book is obviously intended for the Linux network administrator, but the level of knowledge assumed is somewhat confusing. For some pieces it seems to assume no prior knowledge (like Chapters 1 and 2) and for other areas it seems to assume some basic prior understanding of Linux (although admittedly minimal). Keep in mind that there are whole books on some of these items (like securing Apache) so there is obviously much more detailed information available if you have a specific need. Linux Network Security is highly recommended to network administrators who are dealing with a basic file and print sharing network or who need a solid overview of Linux security and some of the security problems with common services.
User review
lots of info
Despite its smallish size (550 pages) this book is packed full of useful info. The first couple of chapters are a whistle stop tour of all the ways a Linux box can be hacked, and the rest of the book describes how to fix these problems. Most of the book is intermediate level, but a couple of the later chapters are more advanced. But I think this is a good thing because it means the book goes into much more detail than most others.
User review
Includes a Great Deal of Useful Software
Security is one of those things that everyone knows they should do but typically doesn't until too late. In spite of all the warnings most companies ignore the pleadings of the assigned security specialist until all of a sudden they are hit in the face with a penetration. And this is the theme of the introductory chapter, except that he explains it a lot better.
The second chapter starts with an explanation of John The Ripper. This is a program that attempts to automatically crack your system's password file. (The John The Ripper program is included on the book's CD so you can use it to test your own system.)
By this point he had my attention. It was clear that if he wished he could get into my system and do whatever he wished. I interrupted my reading at this point and changed several system passwords to make them a lot more difficult.
After that I went on to read the rest of the book on finding, fixing and preventing holes in a Linux network. I never realized it was so easy.
The book is a combined explanation of what's happening and a wealth of software on the CD. This software, described in the text part of the book, is a selection of software off of the net. The net has a huge amount of software available. Here the author has selected a dozen or so packages that he discusses enough for you to use and to have some faith that the results you are getting are worthwhile.
Perhaps the best book on Linux security ever.