Principles of Network and System Administration: A Book Review

Textbooks are not always just for the
classroom. Sometimes, they're for holding up bookcases, large pots
with plants in them and for keeping doors/windows open.
Occasionally, they are the treasure chests of information a soul
requires to do something for the betterment of self, system and/or
network.This little book will improve all three. Principles
of Network and System Administration is neither big nor
flashy, but it is probably one of the best works in the genre. It
builds on an extensive body of work by others in the field and
pulls the information together in such a way that the material is
easily comprehended and absorbed. Burgess' writing is clear and
engaging, something few textbooks achieve.Burgess approaches both network and system administration
from the perspective of "those principles and ideas of system
administration which do not change on a day-to-day basis..." (from
the Preface). The first principle Burgess sets out has to do with
permissions:

Restriction of unnecessary privilege protects a
system from accidental and malicious damage, and infection by
viruses, and prevents users from concealing their actions with
false identities. It is desirable to restrict users' privileges for
the greater good of everyone on the network.

Burgess pays particular attention to the effects of given
actions on the networked community, whether that network is a LAN
or the Internet. We live in an age of networks, where what one user
does most certainly and directly affects others on-line. This theme
runs throughout the book, particularly in discussions of security,
access to resources, data separation and permissions. The balance
between individual users' rights and the needs of the community
must be carefully weighed and balanced by the system/network
administrator.HighlightsSecurity is thoroughly discussed in two consecutive chapters.
"Chapter 9: Principles of Security" covers a gamut of topics
ranging from the physical security of a system to an overview of
some common network attacks. Burgess nicely sums up the four basic
elements of security (privacy, authentication, trust and integrity)
and binds them to the underlying principle of security: "The
fundamental requirement for security is the ability to restrict
access and privilege to data."By access, the author means those events that can
corrupt/remove data, i.e., electrical storms, accidents and the
like. If these events don't have access to data (because the data
and/or backups are stored separately from where the effects of
these events are likely to be felt) the data is partially secure;
if users' privileges are guarded and enforced, the data is more
secure still.Burgess pays perhaps more attention than many of his author
colleagues to the human factor in system and network
administration, the sociology of computer users. He raises the
question of security vs. user convenience, pointing out that
inconvenient security measures will be more likely to be
circumvented by users than be effective.The same principle applies to overly conspicuous security
measures in the face of an accomplished cracker. Security measures
must be taken, but to make them obvious frequently serves as a
temptation for the malicious user to get around a barrier to what
(being so well-protected) may just be very valuable information.
Then again, the pay-off for such a user may merely be bragging
rights. The system's administrator is advised to verify such claims
first, deal with the situation methodically and avoid panic
altogether.Chapter 10 deals thoroughly with security implementation,
from analysis of network security, to WWW security, to intrusion
detection and forensics. Again, the specifics of methodology are
not the issue, but the reasoning used in setting up protected
systems appropriately is.A Word of CautionIf you don't come to systems administration from a
scientific/mathematical background, you'll want to have a good math
reference or two while going through "Chapter 11: Analytical System
Administration". There are several references to statistical and
calculus formulae that are better understood, and even implemented,
if the reader has a faint idea of what Burgess is doing with the
numbers. This is not to disparage the chapter at all. Evidence
collection is a requirement of systems administrators if policies
are to have any relationship to (or bearing on) user behavior or
that of hardware and software performance over a period of
time.Little ExtrasIn addition to his focus on Linux/FreeBSD, Burgess also shows
a strong appreciation for, and understanding of, the value of
cfengine as the system administrator's "best friend". While its
entries in the index are inaccurate, cfengine is well-delineated on
pages 144-145, and again on pages 158-159. Especially nice is his
description of how cfengine can be used simply by setting up its
time classes to work as a user interface for cron, as a sort of
front end with a variety of scripts as required. Pages 385-392
cover the use of cfengine in programming/automating tasks.As an educator at Oslo College, Norway, Burgess demonstrates
an alternate application of Principle 50, which states: "Every
change or effect happens in response to a cause, which provokes
it." Exercises at the end of each chapter are geared to grounding
the reader in both theory and practice of network/system
administration.Appendix C contains introductions to, and brief code snippets
of, several common scripting languages (PHP, HTML, Perl and CGI),
as well as make. Useful if you're system administrator for a
server!ConclusionBurgess has presented a work that pays great attention to the
heuristics of system and network administration; technical and
sociological issues are taken into account equally and are
presented thoughtfully with an eye to teaching not what to do as a
system or network administrator, but how to think about problems
that arise in the practice. As a result, the author keeps the
reader looking forward to what comes next and to actually
implementing what he or she has learned.Information
and ResourcesStephanie Black is a
writer--of words and code. When not writing, she runs a Linux
consultancy, Coastal Den Computing, in Vancouver, BC,
Canada.