- Taschenbuch: 542 Seiten
- Verlag: O'Reilly & Associates; Auflage: 2 (21. Januar 2005)
- Sprache: Englisch
- ISBN-10: 0596006705
- ISBN-13: 978-0596006709
- Größe und/oder Gewicht: 17,8 x 2,8 x 23,3 cm
- Durchschnittliche Kundenbewertung: 1 Kundenrezension
- Amazon Bestseller-Rang: Nr. 289.578 in Fremdsprachige Bücher (Siehe Top 100 in Fremdsprachige Bücher)
- Komplettes Inhaltsverzeichnis ansehen
Linux Server Security (Englisch) Taschenbuch – 21. Januar 2005
Wird oft zusammen gekauft
Kunden, die diesen Artikel gekauft haben, kauften auch
Es wird kein Kindle Gerät benötigt. Laden Sie eine der kostenlosen Kindle Apps herunter und beginnen Sie, Kindle-Bücher auf Ihrem Smartphone, Tablet und Computer zu lesen.
Geben Sie Ihre Mobiltelefonnummer ein, um die kostenfreie App zu beziehen.
Wenn Sie dieses Produkt verkaufen, möchten Sie über Seller Support Updates vorschlagen?
Linux consistently appears high up in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services such as DNS and delivering mail. But security is the foremost concern of anyone providing such a service. Any server experiences casual probe attempts dozens of time a day, and serious break-in attempts with some frequency as well. This highly regarded book, originally titled Building Secure Servers with Linux, combines practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--as a hub offering services to an organization or the Internet--and shows readers how to harden their hosts against attacks. An all-inclusive resource for Linux users who wish to harden their systems, Linux Server Security covers general security such as intrusion detection and firewalling a hub, as well as key services such as DNS, the Apache Web server, mail, and secure shell. Author Michael D.Bauer, a security consultant, network architect, and lead author of the popular Paranoid Penguin column in the Linux Journal, carefully outlines the security risks, defines precautions that can minimize those risks, and offers recipes for robust security. He is joined on several chapters by administrator and developer Bill Lubanovic. A number of new security topics have been added for this edition, including: Database security, with a focus on MySQL; Using OpenLDAP for authentication; An introduction to email encryption; The Cyrus IMAP service, a popular mail delivery agent; The vsftpd FTP server Geared toward Linux users with little security expertise, the author explains security concepts and techniques in clear language, beginning with the fundamentals. Linux Server Security with Linux provides a unique balance of "big picture" principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those software packages on several popular distributions. With this book in hand, you'll have both the expertise and the tools to comprehensively secure your Linux system.
Über den Autor und weitere Mitwirkende
Michael D. (Mick) Bauer, CISSP, is Network Security Architect for alarge financial services provider. He is also Security Editor forLinux Journal Magazine, and author of its monthly "Paranoid Penguin" security column. Mick's areas of expertise include Linux security and general Unix security, network (TCP/IP) security, security assessment, and the development of security policies and awareness programs.
Welche anderen Artikel kaufen Kunden, nachdem sie diesen Artikel angesehen haben?
Das Buch ist bei mir mit Lesezeichen und markierten Texten zum schnellen Erledigen gelegentlich notwendiger Administrationsaufgaben versehen.
Die hilfreichsten Kundenrezensionen auf Amazon.com (beta) (Kann Kundenrezensionen aus dem "Early Reviewer Rewards"-Programm beinhalten)
For instance, for a book that introduces FTP servers, web servers, mail (imap/smtp), dns - they are like separate entities. They do not complete the picture by showing a complete network diagram with IDS / VPN, -- showing an example of all of their advice coming together in a working solution. And Kerberos isn't even mentioned.
They were extremely specific in some areas like talking about rpm example/debian/ make options and specific .conf options ad nauseum - which detracted from the whole picture. Is someone securing bind 4 really reading this book? Also, maybe a mention of apt-get - - but don't tell me how to install each package on every architecture - it just inflates the word count.
I don't think this book was focused enough in the 'big picture' of trying to piece together all of the tiny pieces into a coherant whole, while at the same time it gets cought up in the minute details of certain packages making for a tough read.
Perhaps they could have included an actual example company or two showing possible layouts of ldap in action with:
Anyone for OpenBSD?
First off is the reason I got a copy of this book. (thank god it was used) I am experimenting with options to lock down linux, I wanted to know about, and set up a wide range of technologies to get a good feeling for how much security linux can provide.
I was quite happy to see a section covering how to be a small time CA. (found at the beginning of the stunnel section) This section is so bad, it doesn't even use the right options to say sign a cert from a different server. That is right a book I paid money for didn't even bother to look up the correct options to sign a cert, to be a small time CA? The kerberos section was ok, but it reads like a hobbyist wrote the chapter, and not an experienced admin. I found myself taking notes to follow along, just to redo the instructions to fit my own needs. Lastly ldap. This chapter is simply so awful it inspired me to write this review. I was testing the chapters of this book against the current Debian stable. The only thing this book is good for, is to let you know what other books you should buy instead. I just placed orders for dedicated books, on the chapters from this book I was interested in learning more about.
To recap: The instructions are wrong, the book is inconsistent. I am ashamed o'reilly let this book pass as they have some of the best books.
By Michael D. Bauer
Second Edition January 2005
544 pages, $44.95 US
This book goes along with the moving trend of the normal computer user, securing your data. Servers generally are targeted more often than the average home PC because most are made to be accessible from the outside world. This is where securing that server comes into play. This book covers the tools and techniques to securing your Bastion host.
First I'd like to start out and explain what Bastion host means as according this book so you can understand what this book covers more specifically. Bastion Host is defined as "A system that runs publicly accessible services but is usually not itself a firewall. Bastion hosts are what we put on DMZ (although they can be put anywhere). The term implies that a certain amount of system hardening has been done, but sadly, this is not always the case."
After you understand what a Bastion host is defined as, you should understand that this book mainly covers these server daemons and the systems that run them. But some of the information applies to a Linux desktop system such as a per host iptables firewall, using secure shell, keeping up with your logs, and intrusion detection. Most of these things the average user doesn't care much about but sometimes being paranoid comes in handy.
Someone who would most likely use this book more than the average desktop user would probaly be a system administrator. Securing web, database, ftp, dns, and email servers is what majority of this book contains. Along with covering these server systems, there are guides to securing the Linux system that runs these daemons along with designing the networks around these types of hosts.
One of the sections I'm most fond of is Chapter 2: Designing Perimeter Networks. With this section you can really take a look at the design and layout of the different types of networks and figure out the portions that suit your needs for your own network. The diagrams shown in this chapter help explain what is going on with the traffic and allows you to see exactly what is going on and at what points the systems are protected.
At the end of the book there are 2 well commented iptables firewall scripted that allow you to get a feel for the netfilter iptables system if you're not familiar with it already. With some modification of these scripts you can easily bring them into a working environment depending on your situation, which sometimes these helps with some of the frustration with the iptables syntax. I personally prefer the PF system within OpenBSD for it's clean syntax and have grown away from iptables, but both are powerful firewall systems and should fit the needs of your network.
I'd definitely recommend this book to system admins or anyone who is paranoid about their security. Security is always something that people should be educated about.
Pensacola Linux User's Group
Though certainly not all encompassing, the book touches on several key elements of server security, including DNS, Email, File Servers, Web Services, IDS methods and more. People new or just curious about Linux server security will gain the most. More experienced system administrators will find a few implementation tips and useful background information for presentation or training purposes.
Unlike many server security books, this one includes some notes on alternatives to the most popular software packages. For example, the chapter on securing Internet email includes excellent tips on securing both Sendmail and Postfix while the IDS chapter covers the popular Tripwire package and some lesser-known integrity checkers. References and the end of each chapter are provided to point you to even more solutions.
This book certainly will not replace a dedicated reference volume, but I find it to be a good summary of major security practices for bastion hosts. Note that the book focuses primarily on host hardening. Though there are some sections on network security, most of the chapters focus on locking down your server. So if you are mainly interested in network clusters, network surveillance, or honeypots, you will probably want to find another reference. Also, if you have several years of experience, you may not find too much new information, but the book is a handy reference volume that can point you in the right direction. If, however, you are new to Linux server security or just simply want a concise summary of common security practices, then this will be a welcomed addition to your technical library.