Secure All Around: Mini Book Reviews

December 5th, 2005 by Pat Eyler

Three different security books--all good in their own ways--for three different kinds of security needs.

Title: Linux Server Security, 2nd Edition

Publisher: O'Reilly

ISBN: 0-596-00670-5

Price: $44.95

Title: Hardening Linux

Publisher: Apress

ISBN: 1-59059-444-4

Price: $44.99

Title: Hardening Apache

Publisher: Apress

ISBN: 1-59059-378-2

Price: $29.99

I recently picked up three security-related titles that I thought were worth reviewing: Linux Server Security, 2nd Edition, by Michael D. Bauer; Hardening Linux, by James Turnbull; and Hardening Apache, by Tony Mobily. O'Reilly and Apress books feel different from each other. I like both publishers' products, but it's worth trying different flavors to see which appeals to you more than the other on any given topic.

O'Reilly books are a bit prettier than Apress's. The font is lighter, tables use lighter rules and greying to offset table headers, and notes are marked with icons. None of this affects the substance, but it feels more polished--like attending a class.

Apress books, on the other hand, are less formal. The font is a bit heavier, and the typography makes everything look more solid. When I'm reading an Apress book, I feel closer to the author, almost like I'm on Usenet or trading e-mail with an expert.

Linux Server Security has 13 chapters, totaling 487 pages. It's written for a Linux administrator who has some security experience. I love the first chapter, "Threat Modeling and Risk Management", because it does a great job of talking about why everything else in the book is important and teaches you how to think about it all together. Another good chapter is "Simple Intrusion Detection Techniques" (Chapter 13), which talks about both host-based and network-based intrusion detection.

After chapters covering general topics such as perimeter networks, system hardening and remote administration, Bauer goes on to cover six different kinds of bastion servers. Name servers, LDAP, databases, e-mail, Web servers and file services each get their own chapter. The book then returns to general topics, such as logging and the aforementioned intrusion detection.

I think Linux Server Security is a great value for the price. It ought to be on your bookshelf if you've been tasked with improving the security of your Linux host(s).

Hardening Linux is 11 chapters long and has 510 pages, discounting index and appendices. It's geared toward a Linux professional who has a little security experience. Two features of this book that I really like are Chapter 6, "Using Tools for Security Testing", and Appendix C, "Checkpoints", which gives a chapter-by-chapter punch-list of practices from the book.

The first six chapters cover security in general and are followed by five chapters covering three specific services: e-mail, which gets three chapters; FTP; and DNS. Reading the three chapters on e-mail is time well spent. The first covers your MTA and looks at relaying as well as anti-spam and anti-virus tools. The second chapter looks at mail as an application, covering authentication and encryption. The third talks about providing remote access to e-mail by way of POP, IMAP and fetchmail.

Hardening Linux provides a lot of value for the price, particularly if you're just getting started with security. I think it's a close second to Bauer's book.

Hardening Apache is the smallest and most focused of the three titles discussed here. It weighs in at 236 pages, without appendices and index, and seven chapters. Hardening Apache also seemed the most compelling of the three books. I really liked Appendix C, "Chapter Checkpoints", and Chapter 7, "Automating Security".

Hardening Apache covers the installation and configuration of Apache, common vulnerabilities, logging, cross-site scripting (XSS), several security modules, chrooting and the automation tools I mentioned before. However, it does not provide any coverage of CGI-related security issues outside of the XSS chapter, which is a bit of a weakness.

Overall, I liked Mobily's book. As an administrator, I think it's worth owning. If you're a Web developer, though, you might want to look for a book more attuned to your specific needs.

__________________________

--
-pate
http://on-ruby.blogspot.com
