Secure All Around: Mini Book Reviews

Three different security books--all good in their own ways--for three different kinds of security needs.


Title: Linux Server Security, 2nd Edition

Publisher: O'Reilly

ISBN: 0-596-00670-5
Price: $44.95

Buy Now!


Title: Hardening Linux

Publisher: Apress

ISBN: 1-59059-444-4
Price: $44.99

Buy Now!


Title: Hardening Apache

Publisher: Apress

ISBN: 1-59059-378-2
Price: $29.99

Buy Now!


I recently picked up three security-related titles that I thought were
worth reviewing: Linux Server Security, 2nd
Edition
, by Michael D. Bauer; Hardening
Linux
, by James Turnball; and Hardening Apache,
by Tony Mobily. O'Reilly and Apress books feel different from each other. I
like both publishers' products, but it's worth trying different flavors to
see which appeals to you more than the other on any given topic.

O'Reilly books are a bit prettier that Apress's. The font is lighter, tables use
lighter rules and greying to offset table headers and notes are marked
with icons. None of this affects the substance, but it feels more
polished--like attending a class.

Apress books, on the other hand, are less formal. The font is a bit
heavier, and the typography makes everything look more solid. When I'm reading
an Apress book, I feel closer to the author, almost like I'm on Usenet or trading
e-mail with an expert.

Linux Server Security has 13 chapters, totaling 487 pages. It's
written for a Linux administrator who has some security experience. I love
the first chapter, "Threat Modeling and Risk Management", because it does a
great job of talking about why everything else in the book is important
and teaches you how to think about it all together. Another good chapter
is "Simple Intrusion Detection Techniques" (Chapter 13), which talks about
both host-based and network-based intrusion detection.

After chapters covering general topics such as perimeter networks,
system hardening and remote administration, Bauer goes on to cover six
different kinds of bastion servers. Name servers, LDAP, databases,
e-mail, Web servers and file services each gets its own chapter. The
book then book returns to general topics, such as hitting logging and the
aforementioned intrusion detection.

I think Linux Server Security is a great value for
the price. It ought to be on your bookshelf if you've been tasked with
improving the security of your Linux host(s).

Hardening Linux is 11 chapters long and has 510
pages, discounting index and appendices. It's geared toward a Linux
professional who has a little security experience. Two features of this
book that I really like are Chapter six, "Using Tools for Security
Testing", and Appendix C, "Checkpoints", which gives a chapter-by-chapter
punch-list of practices from the book.

The first six chapters cover security in general and are followed by
five chapters covering three specific services: email, which gets three
chapters; FTP; and DNS. Reading the three chapters on e-mail is time well spent. The first
covers your MTA and looks at relaying as well as anti-spam and anti-virus tools.
The second chapter looks at mail as an application, covering authentication and
encryption. The third talks about providing remote access to e-mail by
way of POP, IMAP and fetchmail.

Hardening Linux provides a lot of value for the
price, particularly if you're just getting started with security. I
think it's a close second to Bauer's book.

Hardening Apache is the smallest and most focused
of the three titles discussed here. It weighs in at 236 pages, without
appendices and index, and seven chapters. Hardening
Apache
also seemed the most compelling of the three books. I
really liked Appendix C, "Chapter Checkpoints", and Chapter 7,
"Automating Security".

Hardening Apache covers the installation and
configuration of Apache, common vulnerabilities, logging, cross site
scripting (XSS), several security modules, chrooting and the
automation tools I mentioned before. It does not provide any coverage of
CGI-related security issues--outside of the XSS chapter--however, which
is a bit of a weakness.

Overall, I liked Mobily's book. As an administrator, I think it's worth
owning. If you're a Web developer, though, you might want to look for a
book more attuned to your specific needs.

______________________

--
-pate
http://on-ruby.blogspot.com

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState