The Concept of Security

"We're not a security guard company. We
sell a *concept* of security."-- Michael Kaye, president of Westec,
a residential security company.

Title:
Secrets
of Computer Espionage: Tactics and
CountermeasuresAuthor:
Joel McNamaraISBN:
0-7645-3710-5Publisher:
Wiley

Title:
Linux
Security
CookbookAuthors:
Daniel J. Barrett, Richard Silverman and Robert G.
ByrnesISBN:
0-596-00391-9Publisher:
O'ReillyAs I sat one morning working on some loose ends, my e-mail
inbox signaled the arrival of some new message. Experience is the
best teacher, and my experience told me this was a new worm or
virus.The attachment was zipped, so I saved it to my Windows
desktop and then FTPed it to one of my Linux boxes. Once there, I
was safe to play with it the way a cat plays with a small mouse it
caught. Such is the nature of security today. What I once loathed,
I now treat as a daily component of handling information.The security layer is not as static as other parts of the
information infrastructure; it changes and evolves new
countermeasures constantly. I don't try to keep up with everything,
but I do pay attention. Two books have caught my attention, one
because it is a cookbook for Linux security, a time saver, and the
other because it covers other things I don't deal with, but having
the knowledge helps one make connections. My third and more
personal reason is I do not like being surprised. When you have
enough bad experiences with security issues, you come to understand
this.Secrets of Computer Espionage is an
informative--and if you're a geek--an entertaining book. My
expectation was this book would point me to a number of
security-oriented Web sites, which it does. But as the author
explains, spying techniques and countermeasures also should explore
concepts of what you should protect, risk analysis in making
determinations and even who are potential spies.It would be enough if all the book covers is computer
security, but it goes beyond that to electronic devices such as
faxes, shredders, cell phones, PDAs and MP3 players. Many of the
listed Web sites have a Windows orientation, but it's not
exclusive. Linux and UNIX are included in this party.As I'm not a security or "spook" type, I give the topic the
time slice I can afford to allocate to it so I can do what I need
to do, but this book has pushed security and how I think about it
to a different level. My advice is the next time you go to your
local bookseller, locate a copy, buy a cup of coffee and spend some
time with it. I bet you'll be hooked.The Linux Security Cookbook is much more
focused in its scope, concentrating on providing recipes that
readers can put quickly into use. The book is ideal for a Linux
sysadmin in a small shop, where he/she is all things to all users.
This book is not the complete and final word on Linux security, and
it doesn't try to be. Instead, it is a series of security HOWTOs
aimed at helping a system administrator make the best use of their
time.In my job as a UNIX/Linux support engineer, I deal with a
focused area (High Availability clusters) and often deal with
sysadmins who have little or no experience with a problem they
encounter. Many of them, especially from smaller shops, are
apologetic about their ignorance on some topic of HA clustering. I
dismiss this immediately and tell them that when I was a sysadmin
it was the same for me. The important thing is not knowing all the
information, but knowing where to find it.A short summary of the topics covered in this book begins
with Tripwire and moves on to topics such as iptable and ipchains,
network access control, authentication control, testing and
monitoring. This is not a book I would read for recreational
purposes, but it is a book I would reach for when some security
issue has raised a red flag or when I feel I need to be proactive
on some issue.Frank Conley is a UNIX
support engineer for Hewlett-Packard. He has been working and
playing with Linux since 1995 and welcomes your comments.

email: fhc@rc.atl.hp.com