47 Reviews
27 of 27 people found the following review helpful:
4.0 out of 5 stars
An advanced guide to Linux security which may overwhelm some,
By
This review is from: Real World Linux Security: Intrusion Prevention, Detection and Recovery (Open Source Technology) (Paperback)
I am a senior engineer for network security operations. I read "Real World Linux Security" (RWLS) to learn more about best practices for securing Linux servers. Author Bob Toxen has clearly "been around the block," and in some cases he even helped "build" it. Not everyone had the fortune to study at Berkeley with the giants of UNIX! While parts of RWLS are too advanced for some (I was overwhelmed at times), it deserves to be read by serious security practitioners. Anyone administering Linux systems will learn at least one security improvement from RWLS. For example, I applied Bob's suggestion to prevent X from listening on the 6000-series TCP ports. Youngsters will learn why password files incorporate a "salt" and how the "sticky bit" prevents file deletion under certain conditions. Graybeards may enjoy the tech history, like the origin of the word "spam" for unsolicited commercial email. RWLS' strongest feature is Bob's commitment to defending his security suggestions. He doesn't just provide instructions. He states the problem, its origin, how to resolve it, other options, and finally defends his solution. One might disagree with his conclusions but appreciate his reasoning. Bob can make these arguments because he's comfortable discussing Linux at the user interface level (GUI or command line), at the network level (protocols, sockets, ports) and at the operating system and programming levels (system calls, C programming, etc.) This reminded me of Radia Perlman's "Interconnections" networking book, where she explains protocols she invented, such as the spanning tree algorithm. RWLS is not perfect. The "one way credit card data path" proposal needs a diagram. Page 500 says a "." in TCPDump means no flags are set, when really "." means neither the SYN, FIN, RST nor PSH flags are set. ("." is frequently seen in TCPDump with the ACK flag, for instance.) On page 232, I think Bob meant to mention ARP, not RARP.
These are minor errors overshadowed by RWLS' depth of knowledge. Other books can claim to offer "practical" security advice, but I found RWLS to be the first purely defensive-minded book which required one eye on the text and the other on my laptop. Reading and typing, I added a few more weapons to my defensive arsenal by trying commands and altering system settings. I plan to reread advanced sections after I learn more about shell scripting and C programming. If you feel you've got nothing more to learn from security books, give Bob Toxen's work a shot. If you're just beginning in the field, be prepared to "grow into" RWLS.
12 of 12 people found the following review helpful:
5.0 out of 5 stars
The best book on Linux security - period.,
By A Customer
This review is from: Real World Linux Security: Intrusion Prevention, Detection and Recovery (Open Source Technology) (Paperback)
With shelves of GNU Linux and Unix security books out there, choosing which ones to grace your bookshelf with can be difficult. Real World Linux Security is a hands down winner, covering every aspect of Linux system security. With many books being a tired rehash of the same tips designed to harden your system against script-kiddies, this book goes many steps further into protecting your systems against skilled crackers, and exploring advanced cracking techniques, and defenses against them. Something missing from most other books, this book has extensive coverage on preparing for an attack, how to tell if your system has been cracked, and what to do afterwards (contrary to what your instincts may tell you, don't just pull the plug!) If you have only one Linux security book, this is definitely the one. As a bonus, the book is excellently indexed, and has frequent references to other parts of the book where appropriate, making it easy to navigate.
8 of 8 people found the following review helpful:
5.0 out of 5 stars
Great Linux security reference,
This review is from: Real World Linux Security: Intrusion Prevention, Detection and Recovery (Open Source Technology) (Paperback)
A poll taken in July 2001 for Network World asked 100 network executives what their biggest technology concerns were in 2001. It turns out that their biggest concern was "making sure the network is hackerproof." I'll ignore for now the fact that there is no such word as hackerproof; I'll take license and substitute the term bulletproof, which dictionary.com informally defines as impervious to assault, damage, or failure; guaranteed. With that, can network security and commercial off-the-shelf operating systems ever be impervious to assault, damage, or failure? Not even the largest seller of security snake oil would say yes to such a statement. Information security adversaries are already at the gate, posing legitimate threats; it is not a question of if networks will be attacked, but when. It is within this framework that Bob Toxen presents Real World Linux Security, a superb overview of how to comprehensively secure a Linux system. Toxen is one of the original developers of Berkeley Unix, and his book is full of interesting historical tidbits from the computer science halls of UC Berkeley in the early 1970s. When it comes to Unix security, Toxen's mantra is certainly "been there, done that." Toxen is one of a very few writers who can write in the first person about developing operating systems while dropping names such as Bill Joy and Ken Thompson. Although it comprises nearly 700 pages, Real World Linux Security is light on filler and bursting with important information on how to secure a Linux host. In reference to space filler, other books often have about a third of their content made up of screen prints and source code listing. Toxen's book fortunately does not use that route and instead directs readers to either a Web site or the companion CD-ROM for source code.
The book is useful for all flavors of Linux, yet nearly all of the topics can be applied to other operating systems as well, because the threats are basically the same -- only the common line usage changes. At page 25 -- where many other security books would still be addressing abstract ideas about computer security -- Real World Linux Security deals with Linux's "Seven Most Deadly Sins." Some of them are: weak passwords, old software versions, open network ports, and poor physical security. Just a few of the other critical security topics covered in the book are: common break-ins by subsystem, establishing security policies, hardening your system, and scanning your system for anomalies. While much of the book is akin to "Linux Security 101," advanced topics and defenses are also covered. The wide-ranging topics of the book include not only Linux host security, but also what to do when an intrusion has occurred. Part 4 of the book is "Recovering From an Intrusion." The knee-jerk response of many systems administrators is to power down a system in the event of an intrusion. However, in reality, that is often the worst thing to do. Powering-down a system makes digital forensics much more difficult. A methodical and planned approach to intrusions is required, and the book details the appropriate steps to use. The book comes with a CD that has a lot of useful programs and custom-written scripts. The CD-ROM includes most of the popular security tools including, nmap, crack, tcpdump, snort, and more. Although most of the software is freeware and available on the Internet, having all of the tools on a single CD-ROM is a timesaver. The only complaint I have about the book is the use of skulls for the danger level. One skull indicates a minor effect or risk, while five skulls means the risk is too dangerous. It is often hard to discern whether the skulls refer to the topic just mentioned, or the subsequent one.
While many of the threats and vulnerabilities in the book indeed have five skulls, Real World Linux Security deserves five stars. It is an excellent reference about Linux security -- a topic that, while timely, does not always get the respect it deserves.
6 of 6 people found the following review helpful:
5.0 out of 5 stars
This book is fantastic!,
By David P. Eno (Hannibal, NY United States)
This review is from: Real World Linux Security: Intrusion Prevention, Detection and Recovery (Open Source Technology) (Paperback)
Out of all the books on various Linux topics that I own, and I own several, this one is the best. It covers security issues very well, it's full of real-world examples and it's fun to read. I would recommend this book to anyone who is interested in securing their Linux box. And to those who aren't concerned about security, I would HIGHLY recommend this book.
4 of 4 people found the following review helpful:
5.0 out of 5 stars
Security that works!,
By A Customer
This review is from: Real World Linux Security (2nd Edition) (Paperback)
This book is at the top of my list when it comes to Linux security books. It has more information on securing Linux than any other I've read. And when I say Linux, I mean Linux not the plethora of applications and servers that run on Linux. Granted, it touches on some of the more "standard" servers, like Apache, Sendmail, and Samba. But the majority of the book is dedicated to securing Linux, servers, and applications in general. So, if you are looking for a book to tell you how to lock-down ProFTPD, this isn't it. Because of this limited scope, unlike other Linux security books that try to cover everything imaginable, it manages to cover the topic thoroughly. The book starts off with "quick fixes" and then moves on to more advanced everything from making your users choose hard to crack passwords, to defining Two things make this an awesome addition to any Linux user or administrator's This book is a good buy and I would recommend picking up a copy of this book
4 of 4 people found the following review helpful:
5.0 out of 5 stars
You Can Judge this book by its title!,
By A Customer
This review is from: Real World Linux Security: Intrusion Prevention, Detection and Recovery (Open Source Technology) (Paperback)
Having run an ISP for four years, I am utterly fascinated with this book! The author understands the security issues, conveys them clearly and shows real world results for people to implement Intrusion Detection Services. This book can be used by those with moderate knowledge of Linux. The author has included Red Hat, SuSe and other flavors of Linux as examples. The book holds web addresses for additional help. The author has given step by step instructions for the implementation of services. It is an absolute MUST for any Sys Admin or Network Admin - hands down.
4 of 4 people found the following review helpful:
5.0 out of 5 stars
Best Security book I ever read,
This review is from: Real World Linux Security: Intrusion Prevention, Detection and Recovery (Open Source Technology) (Paperback)
Having read a lot of books on computer security in 7 years in the unix profession, I have seen some really bad books. Some books had good chapters. Some totally forgot a whole component of security. Bob has covered it all. He covers the whole nine yards and then some. This book is up there with Hacking Exposed as a must in every administrator's library. PS. One gripe. Has the Kerberos logo variation on the cover. But no talk of Kerberos.
8 of 10 people found the following review helpful:
5.0 out of 5 stars
Help in time of need!,
Amazon Verified Purchase
This review is from: Real World Linux Security: Intrusion Prevention, Detection and Recovery (Open Source Technology) (Paperback)
After being cracked two weeks ago, we hired Bob Toxen to come in and evaluate our SGI systems. Many thanks to Bob Toxen for his help at reasonable rates. One reason we hired Bob was that he was involved in porting Unix to the SGIs many years ago. At our first meeting, he gave me a copy of the book. (Thanks Bob!) After reading the first two chapters, I immediately realized that our break in was due to procrastination. A topic not usually addressed but of prime importance in keeping security tight. His book identified several other holes that weren't apparent to me as well. We are, thanks to Bob, plugging the holes and restoring the systems. You should definitely buy this book. I am buying a friend a copy since I was given one. Give a copy to your boss or management as well as to yourself. Maybe you'll get the understanding you need from up the chain of command! This particular crack was the Telnetd vulnerability exposed last August. I had asked for time to fix it and was asked to keep doing research rather than sysadmin. We were under pressure to keep papers coming in our project, so I kept researching! Around Nov. 16-28, possibly more than one cracker easily broke in. Some systems showed activity from another university, while one was obviously in the midst of a DoS attack on someone. We shut everything down, but have spent at least $10K on lost time, extra labor, and consulting. Our university security person spent many days investigating and coordinating everyone's efforts. The origination of the attack has not been determined but the other university, with 60K machines on campus, did not have even one security person we could contact for help. Our efforts are to only restore and prevent attacks since we are unable to pursue the crackers any further without more help or leads. We've lost weeks and money. I highly recommend that you take Bob's book seriously so that you will not be in this situation as we are. 
Our projects, online classes, and reputation have been put at risk and that is unacceptable as you might agree. Thanks for your time! I hope I've made my point! By the way, everything I have said here is my opinion and not to be construed as that of my employer. However, I am sure they are as happy Bob is helping as I am!!
3 of 3 people found the following review helpful:
5.0 out of 5 stars
Belongs on your bookshelf,
By Bill Clark (Kansas City USA)
Amazon Verified Purchase
This review is from: Real World Linux Security (2nd Edition) (Paperback)
This book has been updated well. Not just some cut and paste from a previous edition. The first edition was excellent. This edition is even better. The writing is some of the best I've ever read in a technical book. Secrets & Lies is the concept book and this is the application of those concepts. This should be between your Bruce Schneier books and your O'Reilly Systems books. If you are a Security Professional, Systems Administrator or a wannabe this book belongs on your bookshelf. The topics are broad and yet fairly in depth. Even if you think you know security get this book. The information is organized that well. You can use this book to harden just about any *nix flavor machine based on his examples. The attack processes illustrated will reinforce your existing knowledge or teach how you need to start thinking about security. Bottom line is security has many layers or rings. If one ring fails hopefully you have several other rings of protection. Don't rely on a firewall to protect you. Firewalls only scratch the surface in building a secure environment.
3 of 3 people found the following review helpful:
5.0 out of 5 stars
Beginner's Dream,
By "mike@123shoot.com" (Atlanta, GA)
This review is from: Real World Linux Security: Intrusion Prevention, Detection and Recovery (Open Source Technology) (Paperback)
They say that hindsight is 20/20, and this couldn't be any closer to the truth after reading "Real World Linux Security" by Bob Toxen. Even after the first few chapters, Bob provides the reader with a wealth of information about basic and critical steps needed to secure Linux systems. The best aspect of this book is its cross-distribution compatibility. Bob provides you with plenty of information on system hardening tactics that you can, easily too, harden any Linux distribution, whether it be Redhat, Slackware, Debian, or a lesser known distro. All in all this is a wonderful book for all levels of Linux users and SysAdmins, from newbies to very experienced users. Being new to System Administration, this book was worth every penny.
Real World Linux Security (2nd Edition) by Bob Toxen (Paperback - November 23, 2002)