Book Reviews

The following book reviews are the copyright of their respective authors and no part should be reproduced without the express permission of the author. Publishers and Authors of the books reviewed may reproduce the whole or extracts of a review for their book. To request copyright permission please email webmaster@birmingham.pm.org.

All the reviews herein are the opinions of the reviewer and are not necessarily the views of Birmingham Perl Mongers and its members. If you feel a review or comment has been made in error, please contact webmaster@birmingham.pm.org to rectify the situation.

Linux Books

Static Link: http://birmingham.pm.org/reviews/25

 
Linux Security Cookbook
Title:Linux Security Cookbook
Author(s):Daniel J. Barrett, Richard Silverman, Robert G. Byrnes
ISBN:0-596-00391-9
Publisher:O'Reilly Media
Reviewer:Jon Brookes

This is a book of examples, each short, sometimes terse but always straight to the point. I found all recipes to be clear and easy to follow. Because of the quick short burst approach of short question 'how do I do such and such' followed by a brief and to the point answer, I found myself using the books recipes with minimum effort and very little reading. This book is a real speed tool. All of the recipes are based on Linux but some are still useful to the UNIX administrator regardless of what UNIX flavour you favour.

Tripwire is featured in the opening pages for example. This application is available to many UNIX users. Where the Linux officianado can safely, for the moment, remain smug is in the knowledge that LINUX has such excellent kernel support for firewall technologies in the form of 'ipchains' and more recently 'iptables'.

Firewalls using both iptables and ipchains are featured immediately after Tripwire. The reasons for this are obvious - start with Tripwire when you build your system and BEFORE you even connect to the Internet. Then configure your firewall. Now, connect to the net. Once your system is secured from a 'metal up' build in this manner, the text progresses to other aspects of security, building from a known base.

Local 'system security', in the form of OS file permissions and secure data encryption using GPG to mention but two categories covered give us no excuse to not to arrange for our private data to stay private. We are even encouraged to backup 'private keys' in a way that is not only safe but also easily recoverable in the event of severe system failure.

Network connections both to and from your system using hosts.allow through to SSH are explained and demonstrated very concisely and as always, by example. SSH can of course be used to do much more than just interactively open a shell to another system in a more secure manner than Telnet can. I really like one of the recipes that shows how to set up secure SSH tunnels through which you can run 'insecure' applications and protocols - plain text NNTP for example and then using tin through the tunnel to actually read News. This is easily applied to other applications - mail readers, X forwarding etc.

Concluding Thoughts

The book is a bit on the thin side if compared to say, the Perl Cookbook. If this is republished at a later date, it would be nice to think that the existing examples could be kept up to date and new ones added to expand this into a definitive text that no one would want to be without.

This said, I have spent far too little time writing down what I think of this book as I have been far too busy USING it. If you are in any doubt that you don't know everything there is to know on Linux Security, do not hesitate to buy this book. If you don't use Linux and are predominately a UNIX user, buy this book - it will convince you to try out Linux for it's advanced security features and to use more fully the tools already at your disposal by virtue of the Open Source movement.

I think that you are paying for this book to have lot's of very short, very well written 'how-to's'. Its a book for the very busy administrator that needs answers fast. This claim has been used by other titles I have seen in the past but few have given such comprehensive and useful information as effectively as this does.

This text is not for you though if, for example, you were to pick it up not knowing what a firewall is and expecting to learn all about iptables. To benefit from this title, you need to have a basic grounding of what such tools do, else, the ability to find out more and then return to the book to find out just 'how to' do things with them.

It is true to say that any or all of the information in this book is on line already, somewhere. That's the clinch though, rarely will you find such cogent arguments for best security practice and corresponding HowTos in one place and in such a condensed form.

- Jon Brookes, Nov 2003