Hack Proofing Linux: A Book Review
Computer security, Linux-related or not, has always been a dynamic, ongoing process. Keeping abreast of all the security issues necessary to protect my office network (and subsequently, my livelihood) from the Black Hats prowling the Internet takes a considerable conscious effort on my part. I've read a few Linux security books and innumerable articles on the subject in an attempt to wrap my head around all these issues. Still, my network security education and vigilance have often been frustrating and exhausting, and have left me wanting a comprehensive and integrated way to roll out a secure Linux box; a recipe or protocol, if you will. Hack Proofing Linux is the answer. It's the first (that I've seen) comprehensive, end-to-end security implementation for bringing up a Linux box and exposing it to the harsh environment that is the Internet. If, like me, you want a detailed, straightforward, step-by-step guide that utilizes all open-source tools when configuring a new Linux box for duty on the Internet, then this book is for you.
This 600+ page book walks you through hardening your Linux box, port scanning, probing your system for viruses and DDoS attack software, implementing an intrusion detection system, sniffing networks, network authentication and encryption, creating a virtual private network, setting up and maintaining a firewall, and installing a proxy web server. The book is written with both newbies and experienced users in mind. Security measures can be followed in real life in the order they are covered in the book, which is recommended in the case of a new Linux box and/or administrator. Alternatively, a particular section--installing OpenSSH for example--can be implemented separately by more experienced users.
There's nothing like a GUI to get newbies on board with Linux software, which is why I really liked that the authors demonstrated how to use the security tools via the available GUIs as well as the command line. The authors' integrated GUI and command line approach makes the complex topic of security less intimidating to would-be practitioners while strengthening system administration skills by reinforcing the power of the command line.
Book highlights include: a detailed explanation of the changes made to configuration files when using Bastille Linux; a well-documented (with screenshots) example of sniffing packets with Ethereal--both before and after installing SSH--to demonstrate how passwords are sniffed; and a patient, stepwise approach to the lengthy and involved installation of a VPN using FreeS/WAN.
Not just a methodical how-to manual, the text is a good Linux security reference as well. The information is clearly written and well organized, and includes chapter summaries, quick references and checklists. Garnering massive cool points is the accompanying business card-sized CD that contains open-source security tools, code examples from the book and an electronic version of the book in HTML format. With this CD, you can carry a Linux security manual and toolbox around in your pocket. Want to meet people of the opposite sex? Take the CD to your next LUG installfest. You'll be the most popular person there!
Glen Otero has a PhD in immunology and microbiology and runs a consulting company called Linux Prophet in San Diego, California.