Customer Reviews

Hack Proofing Linux : A Guide to Open Source Security

5 star:		(2)
4 star:		(2)
3 star:		(1)
2 star:		(0)
1 star:		(1)

 

 

I am a senior engineer for network security operations. I am not a Linux expert, nor do I have experience using all of the tools included in "Hack Proofing Linux" (HPL). Unfortunately, I don't believe HPL was written by experts either; few have knowledge spanning the entire open source security arena. By venturing beyond the authors' core expertise, HPL offers some incorrect information. If you accept these limitations, HPL still introduces an impressive array of Linux security applications.

The deployment of Linux antivirus solutions is HPL's first example of questionable material. The authors seem to think products like AntiVir exist to protect Linux hosts. Actually, Linux-hosted anti-virus solutions primarily screen email traffic for Windows-based malicious logic. Finding a "VBS.FreeLink" virus on a Microsoft-based CD-ROM, mounted on a Linux system, doesn't qualify as protecting the Linux operating system. (See p. 123 for this example.)

The second sample of questionable material involves discussions of the nmap port scanner. Chapter 3 doesn't provide accurate information on the tool's options. On p. 136, "-s" doesn't mean "stealth" in all cases. P. 137 provides this puzzle: "-sS uses the SYN feature of TCP... even if the remote computer doesn't want to communicate with your host, NMAP is still able to gather sufficient information from this scan to learn the open ports." On p. 140, we should hear that specifying "ME" in a decoy scan indicates where to place your true source IP; it doesn't "increase the likelihood that your system will be hidden from IDS logs." P. 142 incorrectly says -sS "helps the scan get past firewalls, which often filter out initial SYN packets." Material like this seems like speculation or misinterpretation, not sound advice.

Beyond technical inaccuracies, I believe HPL is more about installation of tools and less about operational use. Knowing how to install Snort with database support is significant. Having the ability to configure the ruleset, interpret the alerts, and operationalize the system is far more important. That level of detail deserves a separate book, not several pages in a single chapter.

Still, I haven't seen another book which covers so many open source security tools. You'll find instructions for installing GPG, nmap, Nessus, Tripwire, TCPDump, Ethereal, EtherApe, OpenSSH, Squid -- the list goes on. Beyond verifying the material I believed was inaccurate, I skimmed much of these installation and basic usage instructions. Should someone need help deploying one of these tools, HPL will probably be useful. Just be sure to verify the material against the documentation provided by the application's authors.

(Disclaimer: I received a free review copy from the publisher.)

Don't waste your money on this book, unless you want to go back to older versions of Linux...
Many of the links are gone, many of the programs don't work with the newer versions of Linux (post 2004), and buying this book in September 2005 was basically flushing nearly $50 down the toilet...

Follow simple step by step procedures to hardening your linux system, i was able to read the meat of this book in a 4 hour airplane flight. Easily install and configure Linux, firewalls, etc.

This book starts off by defining the Open Source Movement and the General Public License. It then moves on to everything else...
As a newbie (2 months of using the free download of Mandrake 8.1 after doing the free online course...and 5 months of basic networking skills), I found this book an excellent read. It covered almost everything I needed to know to secure my network at home (I don't use windows anymore), and gave me confidence enough to want to apply for Network Administration somewhere.
CD included, you get tricks for locking down your system, or your whole network even, and the apps to help you do it (the entire book is in HTML on the CD, too!) I recommend this book to anyone wanting to learn linux, or anyone wanting to learn linux security.
I took half a star because it mainly refers to Red Hat Linux over others, and another half because I could see how a college professor might want a much more technical manual over this textbook style guide. Great book!

Hack Proofing Linux does the following very accurately:

1. It shows you how to deploy IPsec using FreeSWAN.
2. Readers learn detailed information about how to configure packet filters and proxy servers.
3. Although many theoretical references exist, few resources have practical advice concerning how to implement Kerberos. Before publication of this book, no authors had the common sense to show all of the steps necessary for a practical implementation. Other references either omitted steps or simply remained on a general level. I've never seen a book that does such as good job on this, in such a handy way.
4. After reading this book, you will have more than enough accurate information to scan systems for vulnerabilities, and you will also be able to accurately map and manage networks. For those who need more explanation, all they have to do is implement the tools as described, and they can then actually learn by doing. Seeing as how most of these people can't even buy or read the book all the way through, no matter they are impatient with a practical approach.
5. The book focuses on the pliability of Linux. Do you want to use a Linux server as a firewall? Read this book. Do you want to use it to audit systems? Read this book. Do you want to use Linux to securely centralize authentication? Read this book. Even though this book doesn't appear to be popular to people in Texas who don't understand that a mount point can be any directory on a Linux system, or who don't realize that Xinetd is a defacto standard, this California professor thinks it does an
excellent job.

I'm learning Linux in support of setting up version 3.0 of our homegrown firewall. I've been reading as fast as I possibly can and have a general idea of what I need to do to harden our firewall (yes I have a backup guy to go to!). In relatively simple tables throughout the book he lists what isn't necessary, what should be uninstalled, disabled or other. He also pretty much gives you step by step instructions. Since I'm a linux newbie, I need another book to help me figure out how to do some of things he lists (like disable service/daemons) - but that doesn't detract from this book.

What I really like about this book is that is a One Stop Shop. It gathers information that you might find from various other sources - online, howto's, man pages, security alerts. I know that since I've read enough of those others to know these 'what you should do's are out there. They're just everywhere. That's why I like this book. If I were not such a newbie I might be able to give it a higher rating, but I don't know enough yet to know if it omits anything really important or is just plain wrong.

It covers: ports, daemons, bastille, tripwire, ipchains/iptables, nmap, what to set when recompiling the kernel, analyzing network traffic, VPNs, testing your firewall, apache config, squid config, and other topics.

The printed layout is great: Chapter contents, big bold headings, tables, easy to read commands, numbered steps, very easy to read tables, screenshots, summary, fast track, FAQs.

The only shortcoming is that he doesn't list specific tips on partitions which I found in another ref.

All in all a very useful book.