Real World Linux Security (2nd Edition)

With that, can network security and commercial off-the-shelf operating systems ever be impervious to assault, damage, or failure? Not even the largest seller of security snake oil would say yes to such a statement. Information security adversaries are already at the gate, posing legitimate threats; it is not a question of if networks will be attacked, but when. It is within this framework that Bob Toxen presents Real World Linux Security, a superb overview of how to comprehensively secure a Linux system.

Toxen is one of the original developers of Berkeley Unix, and his book is full of interesting historical tidbits from the computer science halls of UC Berkeley in the early 1970s. When it comes to Unix security, Toxen?s mantra is certainly "been there, done that." Toxen is one of a very few writers who can write in the first person about developing operating systems while dropping names such as Bill Joy and Ken Thompson.

Although it comprises nearly 700 pages, Real World Linux Security is light on filler and bursting with important information on how to secure a Linux host. In reference to space filler, other books often have about a third of their content made up of screen prints and source code listing. Toxen's book fortunately does not use that route and instead directs readers to either a Web site or the companion CD-ROM for source code. The book is useful for all flavors of Linux, yet nearly all of the topics can be applied to other operating systems as well, because the threats are basically the same -- only the common line usage changes.

At page 25 -- where many other security books would still be addressing abstract ideas about computer security -- Real World Linux Security deals with Linux?s "Seven Most Deadly Sins." Some of them are: weak passwords, old software versions, open network ports, and poor physical security. Just a few of the other critical security topics covered in the book are: common break-ins by subsystem, establishing security policies, hardening your system, and scanning your system for anomalies.

While much of the book is akin to "Linux Security 101," advanced topics and defenses are also covered. The wide-ranging topics of the book include not only Linux host security, but also what to do when an intrusion has occurred. Part 4 of the book is "Recovering From an Intrusion." The knee-jerk response of many systems administrators is to power down a system in the event of an intrusion. However, in reality, that is often the worst thing to do. Powering-down a system makes digital forensics much more difficult. A methodical and planned approach to intrusions is required, and the book details the appropriate steps to use.

The book comes with a CD that has a lot of useful programs and custom-written scripts. The CD-ROM includes most of the popular security tools including, nmap, crack, tcpdump, snort, and more. Although most of the software is freeware and available on the Internet, having all of the tools on a single CD-ROM is a timesaver.

The only complaint I have about the book is the use of skulls for the danger level. One skull indicates a minor effect or risk, while five skulls means the risk is too dangerous. It is often hard to discern whether the skulls refer to the topic just mentioned, or the subsequent one.

While many of the threats and vulnerabilities in the book indeed have five skulls, Real World Linux Security deserves five stars. It is an excellent reference about Linux security -- a topic that, while timely, does not always get the respect it deserves.

Rating:
Summary: Help in time of need!
Review: After being cracked two weeks ago, we hired Bob Toxen to come in and evaluate our SGI systems. Many thanks to Bob Toxen for his help at reasonable rates. One reason we hired Bob was that he was involved in porting Unix to the SGIs many years ago. At our first meeting, he gave me a copy of the book. (Thanks Bob!) After reading the first two chapters, I immediately realized that our break in was due to procrastination. A topic not usually addressed but of prime importance in keeping security tight. His book identified several other holes that weren't apparent to me as well. We are, thanks to Bob, plugging the holes and restoring the systems. You should definitely buy this book. I am buying a friend a copy since I was given one. Give a copy to your boss or management as well as to yourself. Maybe you'll get the understanding you need from up the chain of command! This particular crack was the Telnetd vulnerability exposed last August. I had asked for time to fix it and was asked to keep doing research rather than sysadmin. We were under pressure to keep papers coming in our project, so I kept researching! Around Nov. 16-28, possibly more than one cracker easily broke in. Some systems showed activity from another university, while one was obviously in the midst of a DoS attack on someone. We shut everything down, but have spent at least $10K on lost time, extra labor, and consulting. Our university security person spent many days investigating and coordinating everyone's efforts. The origination of the attack has not been determined but the other university, with 60K machines on campus, did not have even one security person we could contact for help. Our efforts are to only restore and prevent attacks since we are unable to pursue the crackers any further without more help or leads. We've lost weeks and money. I highly recommend that you take Bob's book seriously so that you will not be in this situation as we are. Our projects, online classes, and reputation have been put at risk and that is unacceptable as you might agree. Thanks for your time! I hope I've made my point! By the way, everything I have said here is my opinion and not to be construed as that of my employer. However, I am sure they are as happy Bob is helping as I am!!

Rating:
Summary: Excellent Resource
Review: After reading this book it is clear that Mr. Toxen knows his subject well. Just about every aspect of system security is covered, with real world anecdotes and examples scattered liberally throughout. This book is a must have addition to the library of anyone interested in computer security.

Rating:
Summary: Been hacked, been fixed, by Bob himself
Review: As a satisfied customer, reviewer of this book, and friend of Bob, I can recommend this book wholeheartedly. I was an overworked sysadmin and biochemist researcher at Kennesaw State University in Kennesaw, Georgia in November 2000, when the 27 SGI systems I was in charge of were hacked into. We were set up as a node waiting to implement a denial of service or remote attack on some other poor sobs. I hadn't been able to keep up with patches due to a heavy workload so the attackers got in easily thru a hole in telnetd. I yelled for help on the www.ale.org listserv and Bob, a local member, responded. We've been locked down ever since then by Bob with hardened Linux firewalls running a VPN. Thanks to his expertise we haven't had any successful attacks since. In fact, no one can find us unless we let them. I simply don't have to deal with security problems anymore on those systems. It was my pleasure to help Bob with reviewing the manuscript for ease of understanding, readability, and double checking for typo's. I can't say enough about Bob as a person. I can trust him completely and do everyday with the security of my systems. I use his book as a reference tool constantly on security topics. It is much better than any other book in this genre for what it provides. In my opinion, for what that is worth ;-) it is the only security book for Linux that really touches on everything. Talking with Bob about the book is always alot of fun since I usually learn something new every time. If you already have the 1st edition, give it to someone else as a gift and get this one. Don't expect everything to be new as most security info hasn't changed all that much. For the new info, such as iptables, this book will be what you need, but will still contain the reference info you will always go back to check. I highly recommend this book, but even more so, I recommend you let Fly-by-Day Consulting work with you on securing your network. I certainly am glad I did.

Rating:
Summary: Finally! Scripts and other practical information.
Review: Being one of the initial reviewers of the rough draft of this book, I had the privilege of watching it come into being, and was rather pleased with the final copy. It was not difficult to wade through (should be okay for those newbies out there), yet not so simplistic as to make an expert put it aside as a "baby steps" book. It is full of useful scripts, practical examples, and information. The CD also has several practical and useful scripts and other programs.

No offense, people, but if you have the least bit of sense enough to worry about crackers (and they are everywhere), you will purchase this book AND use it. Don't wait until your system has been compromised to get around to hardening it! Cracked systems may not always be something that happened to "that other company".

"RWLS" has some very useful scripts in it, as well useful programs available on the CD included with the book. I'd especially recommend it to Sys Admins who are looked to by the management of their company as being mostly or totally responsible for their computer system's security policies and/or the implementation of those security policies.

Rating:
Summary: Simple, concise, easy to read
Review: Bob Toxen came out with a valuable book which is easy to comprehend, and can be implemented immediately into production systems. His examples are clear and direct to the point, which makes reading and understanding a breeze.

Whether you've been working with internet security or just starting, this book is a must have!

Rating:
Summary: Simple, concise, easy to read
Review: Bob Toxen came out with a valuable book which is easy to comprehend, and can be implemented immediately into production systems. His examples are clear and direct to the point, which makes reading and understanding a breeze.

Whether you've been working with internet security or just starting, this book is a must have!

Rating:
Summary: Excellent Book.
Review: Easy to follow steps to hardening any Linux based system, a must for system administrators.

Rating:
Summary: Good, but short on organization
Review: Good book with good tidbits, but poorly organized. I look for more of a flowchart feel, and this had me jumping all around in order to find related items whil etrying to secure my computer. Better than the first edition though. I would prefer less talk and stories and have more "real world" solutions.