Real World Linux Security. [Englisch] [Taschenbuch]

Anyone administering Linux systems will learn at least one security improvement from RWLS. For example, I applied Bob's suggestion to prevent X from listening on the 6000-series TCP ports. Youngsters will learn why password files incorporate a "salt" and how the "sticky bit" prevents file deletion under certain conditions. Graybeards may enjoy the tech history, like the origin of the word "spam" for unsolicited commercial email.

RWLS' strongest feature is Bob's commitment to defending his security suggestions. He doesn't just provide instructions. He states the problem, its origin, how to resolve it, other options, and finally defends his solution. One might disagree with his conclusions but appreciate his reasoning.

Bob can make these arguments because he's comfortable discussing Linux at the user interface level (GUI or command line), at the network level (protocols, sockets, ports) and at the operating system and programming levels (system calls, C programming, etc.) This reminded me of Radia Perlman's "Interconnections" networking book, where she explains protocols she invented, such as the spanning tree algorithm.

RWLS is not perfect. The "one way credit card data path" proposal needs a diagram. Page 500's says a "." in TCPDump means no flags are set, when really "." means neither the SYN, FIN, RST nor PSH flags are set. ("." is frequently seen in TCPDump with the ACK flag, for instance.) On page 232, I think Bob meant to mention ARP, not RARP. These are minor errors overshadowed by RWLS' depth of knowledge.

Other books can claim to offer "practical" security advice, but I found RWLS to be the first purely defensive-minded book which required one eye on the text and the other on my laptop. Reading and typing, I added a few more weapons to my defensive arsenal by trying commands and altering system settings. I plan to reread advanced sections after I learn more about shell scripting and C programming.

If you feel you've got nothing more to learn from security books, give Bob Toxen's work a shot. If you're just beginning in the field, be prepared to "grow into" RWLS.

With that, can network security and commercial off-the-shelf operating systems ever be impervious to assault, damage, or failure? Not even the largest seller of security snake oil would say yes to such a statement. Information security adversaries are already at the gate, posing legitimate threats; it is not a question of if networks will be attacked, but when. It is within this framework that Bob Toxen presents Real World Linux Security, a superb overview of how to comprehensively secure a Linux system.

Toxen is one of the original developers of Berkeley Unix, and his book is full of interesting historical tidbits from the computer science halls of UC Berkeley in the early 1970s. When it comes to Unix security, Toxen?s mantra is certainly "been there, done that." Toxen is one of a very few writers who can write in the first person about developing operating systems while dropping names such as Bill Joy and Ken Thompson.

Although it comprises nearly 700 pages, Real World Linux Security is light on filler and bursting with important information on how to secure a Linux host. In reference to space filler, other books often have about a third of their content made up of screen prints and source code listing. Toxen's book fortunately does not use that route and instead directs readers to either a Web site or the companion CD-ROM for source code. The book is useful for all flavors of Linux, yet nearly all of the topics can be applied to other operating systems as well, because the threats are basically the same -- only the common line usage changes.

At page 25 -- where many other security books would still be addressing abstract ideas about computer security -- Real World Linux Security deals with Linux?s "Seven Most Deadly Sins." Some of them are: weak passwords, old software versions, open network ports, and poor physical security. Just a few of the other critical security topics covered in the book are: common break-ins by subsystem, establishing security policies, hardening your system, and scanning your system for anomalies.

While much of the book is akin to "Linux Security 101," advanced topics and defenses are also covered. The wide-ranging topics of the book include not only Linux host security, but also what to do when an intrusion has occurred. Part 4 of the book is "Recovering From an Intrusion." The knee-jerk response of many systems administrators is to power down a system in the event of an intrusion. However, in reality, that is often the worst thing to do. Powering-down a system makes digital forensics much more difficult. A methodical and planned approach to intrusions is required, and the book details the appropriate steps to use.

The book comes with a CD that has a lot of useful programs and custom-written scripts. The CD-ROM includes most of the popular security tools including, nmap, crack, tcpdump, snort, and more. Although most of the software is freeware and available on the Internet, having all of the tools on a single CD-ROM is a timesaver.

The only complaint I have about the book is the use of skulls for the danger level. One skull indicates a minor effect or risk, while five skulls means the risk is too dangerous. It is often hard to discern whether the skulls refer to the topic just mentioned, or the subsequent one.

While many of the threats and vulnerabilities in the book indeed have five skulls, Real World Linux Security deserves five stars. It is an excellent reference about Linux security -- a topic that, while timely, does not always get the respect it deserves.