Linux Today: Linux News On Internet Time.

UnixReview: Real World Linux Security: Intrusion Prevention, Detection, and Recovery [Book Review]

Sep 03, 2001, 18:03 (1 Talkback[s])
(Other stories by Ben Rothke)
"Although it comprises nearly 700 pages, Real World Linux Security is light on filler and bursting with important information on how to secure a Linux host. In reference to space filler, other books often have about a third of their content made up of screen prints and source code listing. Toxen's book fortunately does not use that route and instead directs readers to either a Web site or the companion CD-ROM for source code. The book is useful for all flavors of Linux, yet nearly all of the topics can be applied to other operating systems as well, because the threats are basically the same -- only the common line usage changes.

At page 25 -- where many other security books would still be addressing abstract ideas about computer security -- Real World Linux Security deals with Linux's "Seven Most Deadly Sins." Some of them are: weak passwords, old software versions, open network ports, and poor physical security. Just a few of the other critical security topics covered in the book are: common break-ins by subsystem, establishing security policies, hardening your system, and scanning your system for anomalies.

While much of the book is akin to "Linux Security 101," advanced topics and defenses are also covered. The wide-ranging topics of the book include not only Linux host security, but also what to do when an intrusion has occurred. Part 4 of the book is "Recovering From an Intrusion." The knee-jerk response of many systems administrators is to power down a system in the event of an intrusion. However, in reality, that is often the worst thing to do. Powering-down a system makes digital forensics much more difficult. A methodical and planned approach to intrusions is required, and the book details the appropriate steps to use."
