Principles of Network and System Administration: A Book Review
Textbooks are not always just for the classroom. Sometimes, they're for holding up bookcases, large pots with plants in them and for keeping doors/windows open. Occasionally, they are the treasure chests of information a soul requires to do something for the betterment of self, system and/or network.
This little book will improve all three. Principles of Network and System Administration is neither big nor flashy, but it is probably one of the best works in the genre. It builds on an extensive body of work by others in the field and pulls the information together in such a way that the material is easily comprehended and absorbed. Burgess' writing is clear and engaging, something few textbooks achieve.
Burgess approaches both network and system administration from the perspective of "those principles and ideas of system administration which do not change on a day-to-day basis..." (from the Preface). The first principle Burgess sets out has to do with permissions:
Restriction of unnecessary privilege protects a system from accidental and malicious damage, and infection by viruses, and prevents users from concealing their actions with false identities. It is desirable to restrict users' privileges for the greater good of everyone on the network.
Burgess pays particular attention to the effects of given actions on the networked community, whether that network is a LAN or the Internet. We live in an age of networks, where what one user does most certainly and directly affects others on-line. This theme runs throughout the book, particularly in discussions of security, access to resources, data separation and permissions. The balance between individual users' rights and the needs of the community must be carefully weighed and balanced by the system/network administrator.
Security is thoroughly discussed in two consecutive chapters. "Chapter 9: Principles of Security" covers a gamut of topics ranging from the physical security of a system to an overview of some common network attacks. Burgess nicely sums up the four basic elements of security (privacy, authentication, trust and integrity) and binds them to the underlying principle of security: "The fundamental requirement for security is the ability to restrict access and privilege to data."
By access, the author means those events that can corrupt/remove data, i.e., electrical storms, accidents and the like. If these events don't have access to data (because the data and/or backups are stored separately from where the effects of these events are likely to be felt) the data is partially secure; if users' privileges are guarded and enforced, the data is more secure still.
Burgess pays perhaps more attention than many of his author colleagues to the human factor in system and network administration, the sociology of computer users. He raises the question of security vs. user convenience, pointing out that inconvenient security measures will be more likely to be circumvented by users than be effective.
The same principle applies to overly conspicuous security measures in the face of an accomplished cracker. Security measures must be taken, but to make them obvious frequently serves as a temptation for the malicious user to get around a barrier to what (being so well-protected) may just be very valuable information. Then again, the pay-off for such a user may merely be bragging rights. The system's administrator is advised to verify such claims first, deal with the situation methodically and avoid panic altogether.
Chapter 10 deals thoroughly with security implementation, from analysis of network security, to WWW security, to intrusion detection and forensics. Again, the specifics of methodology are not the issue, but the reasoning used in setting up protected systems appropriately is.
If you don't come to systems administration from a scientific/mathematical background, you'll want to have a good math reference or two while going through "Chapter 11: Analytical System Administration". There are several references to statistical and calculus formulae that are better understood, and even implemented, if the reader has a faint idea of what Burgess is doing with the numbers. This is not to disparage the chapter at all. Evidence collection is a requirement of systems administrators if policies are to have any relationship to (or bearing on) user behavior or that of hardware and software performance over a period of time.
In addition to his focus on Linux/FreeBSD, Burgess also shows a strong appreciation for, and understanding of, the value of cfengine as the system administrator's "best friend". While its entries in the index are inaccurate, cfengine is well-delineated on pages 144-145, and again on pages 158-159. Especially nice is his description of how cfengine can be used simply by setting up its time classes to work as a user interface for cron, as a sort of front end with a variety of scripts as required. Pages 385-392 cover the use of cfengine in programming/automating tasks.
As an educator at Oslo College, Norway, Burgess demonstrates an alternate application of Principle 50, which states: "Every change or effect happens in response to a cause, which provokes it." Exercises at the end of each chapter are geared to grounding the reader in both theory and practice of network/system administration.
Appendix C contains introductions to, and brief code snippets of, several common scripting languages (PHP, HTML, Perl and CGI), as well as make. Useful if you're system administrator for a server!
Burgess has presented a work that pays great attention to the heuristics of system and network administration; technical and sociological issues are taken into account equally and are presented thoughtfully with an eye to teaching not what to do as a system or network administrator, but how to think about problems that arise in the practice. As a result, the author keeps the reader looking forward to what comes next and to actually implementing what he or she has learned.
Stephanie Black is a writer--of words and code. When not writing, she runs a Linux consultancy, Coastal Den Computing, in Vancouver, BC, Canada.
|Dynamic DNS—an Object Lesson in Problem Solving||May 21, 2013|
|Using Salt Stack and Vagrant for Drupal Development||May 20, 2013|
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
|Non-Linux FOSS: Seashore||May 10, 2013|
- RSS Feeds
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Using Salt Stack and Vagrant for Drupal Development
- Dynamic DNS—an Object Lesson in Problem Solving
- New Products
- Validate an E-Mail Address with PHP, the Right Way
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Download the Free Red Hat White Paper "Using an Open Source Framework to Catch the Bad Guy"
- Tech Tip: Really Simple HTTP Server with Python
- Roll your own dynamic dns
3 hours 33 min ago
- Please correct the URL for Salt Stack's web site
6 hours 45 min ago
- Android is Linux -- why no better inter-operation
9 hours 35 sec ago
- Connecting Android device to desktop Linux via USB
9 hours 29 min ago
- Find new cell phone and tablet pc
10 hours 27 min ago
11 hours 56 min ago
- Automatically updating Guest Additions
13 hours 4 min ago
- I like your topic on android
13 hours 51 min ago
- This is the easiest tutorial
20 hours 26 min ago
- Ahh, the Koolaid.
1 day 2 hours ago
Enter to Win an Adafruit Pi Cobbler Breakout Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Pi Cobbler Breakout Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- 5-21-13, Prototyping Pi Plate Kit: Philip Kirby
- Next winner announced on 5-27-13!
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?