Maximum Linux Security (2nd Edition) [Paperback]

John Ray (Author), Anonymous (Author)

Book Description

Series: Maximum Security | Publication Date: June 21, 2001

Linux continues to gain acceptance as a high-level operating system that's ready for serious corporate enterprise-level computing. When running Internet or file servers, Linux is more reliable, more flexible, more cost-effective, and even faster in some cases than Windows 2000/NT. This means that more and more companies are running Linux on their Web and internal file servers, and that more and more network administrators, used to how things work on Windows 2000/NT servers, will need a crash course on the vulnerabilities of Linux systems, and which holes they're going to need to plug in order to protect themselves from outside attacks. Maximum Linux Security, Second Edition fills this need.

Editorial Reviews

Amazon.com Review

As we've all become well aware lately, every complex system has flaws. When the complex system is a computer operating system, such as Linux, or a piece of software running under it, those flaws can provide black-hat hackers with the access they need to steal your data, damage your system, or use your computing resources as a base for attacking other computers. Maximum Linux Security reveals security holes in Linux and does so explicitly. You can follow instructions in this book and break into unsecured Linux machines in a variety of ways. The newest edition of this book includes newer information about Linux security exploits and updated links to information and tools.

The anonymous author of this book has done a fine job of recognizing that his readers, despite the fact that they're probably pretty accomplished power users just because they're messing around with Linux, aren't really experienced with Linux or with computer security. He's careful to explain his subjects precisely. For example, he goes to considerable effort to explain how to set up user accounts properly (with emphasis on preventing obvious security holes), in addition to documenting offensive and defensive weapons like SAINT and Crack. Most entries on software include URL references to the latest versions, as well as cross-references to related programs. --David Wall

Topics covered: Good Linux security practice, as well as specific malicious software packages and ways to defend against them.

From the Back Cover

Maximum Linux Security helps Linux administrators identify and plug security holes on their systems by detailing Linux system holes, attack methods, and hacker's tools that hackers have had years to study, explore, and improve upon. As Linux continues to become more and more mainstream, network administrators will need to know all about the weaknesses in Linux systems that hackers and crackers have had years to learn and explore. Maximum Linux Security provides a crash course on the vulnerabilities of Linux systems, and how to protect these systems from outside attacks. Written from the same hacker perspective as Maximum Security, this book contains everything the Linux network administrator needs to know about protecting his or her systems. This edition of the book has been revised, expanded, and updated to cover the latest advances in Linux hacking tools and techniques, and to more thoroughly cover firewalls, intrusion detection, Linux graphical environments, and routers.

See all Editorial Reviews

Product Details

• Paperback: 896 pages
• Publisher: Sams; 2nd edition (June 21, 2001)
• Language: English
• ISBN-10: 0672321343
• ISBN-13: 978-0672321344
• Product Dimensions: 9.1 x 7.4 x 2.3 inches
• Shipping Weight: 3.4 pounds
• Average Customer Review: 4.3 out of 5 stars  See all reviews (11 customer reviews)
• Amazon Best Sellers Rank: #302,180 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

16 of 17 people found the following review helpful:

4.0 out of 5 stars A step in the right direction for "Maximum Security" titles, September 20, 2001

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Maximum Linux Security (2nd Edition) (Paperback)

I am a senior engineer for network security operations. I read "Maximum Linux Security" (MLS) to learn more about defending Linux hosts in hostile environments (i.e., the Internet). Compared to recent editions of "Maximum Security," MLS is more useful and accessible. I recommend this book as a supplement to "Hacking Linux Exposed" and "Real World Linux Security."

MLS is less list-oriented than the typical "Maximum Security" book. Useful advice on practical security measures takes the place of exploit listings. While you'll find discussions of older vulnerabilities, the most ancient are isolated in appendix B. The appendix also offers lengthy, detailed command listings and glossaries, unlike any I've recently seen.

The friendly tone of the book reminded me of a mentor speaking to a novice. Furthermore, the authors clearly know their material. For example, Linux frequently demands compiling tools from source code. Sometimes this process requires tweaking the code before running 'make'. The authors regularly give specific advice on the changes needed to get the code working properly. This attention to detail impressed me, and helped me run some of the example applications as I read the text. The authors also gave great clues on applying patches, a task required of every system administrator.

Beyond its specific use as a Linux security text, MLS also lets readers learn of other resources useful to security practioners. I was pleased to check out the Linux Cross Reference project, where I can browse and link to several incarnations of the Linux kernel.

On the negative side, the back cover advertises MLS as an "intermediate-advanced" text. While I thought the diagrams and explanations of the introductory chapters were well-done, they clearly depicted basic material. I also felt the discussion of intrusion detection failed to reflect front line experience with that technology and process.

If you're looking for a more defensive-minded Linux security book, give MLS a try. Those with an offensive mindset (like penetration testers) should stick with the Hacking Exposed series. Readers looking for the high end of Linux security theory will like Bob Toxen's "Real World Linux Security."

(Disclaimer: I received a free review copy from the publisher.)

5 of 5 people found the following review helpful:

2.0 out of 5 stars Who is this book for?, September 27, 2005

By 

C. G. Dimopoulos "Percheron Security, LLC" (Columbia, MD) - See all my reviews
(REAL NAME)   

This review is from: Maximum Linux Security (2nd Edition) (Paperback)

I'll start off by saying that I am CISSP, CCSP and SANS GSEC certified. I have read a couple of the Maximum Security series books and I'm constantly disappointed. First off the book is about 5 times too long for a novice that is curious about the subject and under informative for a professional. It also seems to cover some "neeto" programs you can use to secure your system. For the amount of pages I thought it would at least delve into some kernel hacking, buffer overflow/underrun protection. The author seems to love to give scare tactic examples of attacks that happened years before the book was published. If someone is reading this book they most likely understand the threat. I don't need to the police to tell me about murders that have gone on in Baltimore to convince me to put locks on my doors. This kind of off subject garbage makes this book even heavier, and not from an information stand point. Published in 2001 it seem that is was out of date then as well. It covers, for the lack of better description, low level hacker tools in a majority of descriptions of tools. For example the "Sniffer" chapter mentions nothing about dsniff a very popular and powerful sniffing utility. I would not recommend this book to a beginner as there is way too much garbage taking you through the installation of basic pieces of software. Never mentioning some different options maybe you should be selecting during the install. There is no need to cut and paste the contents of the INSTALL file from Tripwire, most of the guides for installing are word for word from the programs own install and readme files. I would not recommend this to a professional as well as it does not go into great enough detail about anything unless you don't want to read man files and would rather have it in the form of a 13lbs book. My guess is this book was thrown together poorly with haste and by someone that has little to no experience in network security let alone security on ONE system. To sum this review up, there is nothing in this book that isn't already on google.

2 of 2 people found the following review helpful:

5.0 out of 5 stars Excellent Survey of Security for Linux System Administration, September 30, 2001

By 

Tim Halloran (Pittsburgh, PA USA) - See all my reviews

This review is from: Maximum Linux Security (2nd Edition) (Paperback)

If you use Linux but do system administration only because you have to keep your system chugging along--this book is for you. It will help you understand the security impacts of your system administration decisions. The book is tome-like with 870 pages but is a fairly easy read for someone with even a bit of UNIX/Linux knowledge. You will learn alot about security and be entertained by the authors descriptions of how actual attacks on your system are performed in the real world.