Hack Proofing Linux: A Book Review

Computer security, Linux related or not,
has always been a dynamic, ongoing process. Keeping abreast of all
the security issues necessary to protect my office network (and
subsequently, my livelihood) from the Black Hats prowling the
Internet takes a considerable conscious effort on my part. I've
read a few Linux security books and innumerable articles on the
subject in an attempt to wrap my head around all these issues.
Still, my network security education and vigilance has often been
frustrating, exhausting and left me wanting for a comprehensive and
integrated way to roll out a secure Linux box; a recipe or
protocol, if you will. Hack Proofing Linux is
the answer. It's the first (that I've seen) comprehensive,
end-to-end security implementation for bringing up a Linux box and
exposing it to the harsh environment that is the Internet. If, like
me, you want a detailed, straightforward, step-by-step guide that
utilizes all open-source tools when configuring a new Linux box for
duty on the Internet, then this book is for you.This 600+ page book walks you through hardening your Linux
box, port scanning, probing your system for viruses and DDoS attack
software, implementing an intrusion detection system, sniffing
networks, network authentication and encryption, creating a virtual
private network, setting up and maintaining a firewall, and
installing a proxy web server. The book is written with both
newbies and experienced users in mind. Security measures can be
followed in real life in the order they are covered in the book,
which is recommended in the case of a new Linux box and/or
administrator. Alternatively, a particular section--installing
OpenSSH for example--can be implemented separately by more
experienced users.There's nothing like a GUI to get newbies on board with Linux
software, which is why I really liked that the authors demonstrated
how to use the security tools via the available GUIs as well as the
command line. The authors' integrated GUI and command line approach
makes the complex topic of security less intimidating to would-be
practitioners while strengthening system administration skills by
reinforcing the power of the command line.Book highlights include: a detailed explanation of the
changes made to configuration files when using Bastille Linux; a
well documented (with screenshots) example of sniffing packets with
Ethereal--both before and after installing SSH--to demonstrate how
passwords are sniffed; and a patient, stepwise approach to the
lengthy and involved installation of a VPN using FreeS/WAN.Not just a methodical how-to manual, the text is a good Linux
security reference as well. The information is clearly written and
well organized, and includes chapter summaries, quick references
and checklists. Garnering massive cool points is the accompanying
business card-sized CD that contains open-source security tools,
code examples from the book and an electronic version of the book
in HTML format. With this CD, you can carry a Linux security manual
and toolbox around in your pocket. Want to meet people of the
opposite sex? Take the CD to your next LUG installfest. You'll be
the most popular person there!Product
InformationGlen Otero has a PhD in
immunology and microbiology and runs a consulting company called
Linux Prophet in San Diego, California.

email: gotero@linuxprophet.com