Securing Linux: A Survival Guide for Linux Security
by David Koconis, Jim Murray, Jos Purvis, Darrin Wassom
Average Customer Review:
Paperback (01 February, 2003)
list price: $39.00 -- our price: $39.00
(price subject to change: see help)
US | Canada | United Kingdom | Germany | France

Reviews (4)

Linux Makes the World Load Faster
Wow!What a book.Although I know very little about Linux as an OS, even less about security and can barely dress myself, I successfully used this book to set-up a secure, linux-based environment for my top-notch anime collection...All in all, I highly recommend this product...

Refreshing and Informative
Why does every book on Linux try to tackle too many issues? Let's face it, 700-800 or even a 1000 pages is just TOO much information. If you are looking for a complete and concise guide to securing your Red Hat Linux installation then I HIGHLY recommend picking up this book.

I would rank this as a book that is perfect for intermediate Unix admins but a colleague of mine without ANY Linux experience said she found this book to be a valuable resource in her steep learning curve. The book provides many examples of different configurations and provides great pointers to other resources if you want more information about a particular topic.

All in all, I was VERY impressed with this book and I would consider it a "must have" for anyone interested in securing their Red Hat Linux installations.

Great technical manual!!
The excellent SANS "Securing Linux Step by Step"guide suffers from a
major problem: you can't cut-and-paste the commands from it into your
Linux system! The desire to do so constantly appear while reading the
manual, and I was very eager to try some of the things described
thereof.

The guide presents ultimate hands-on, indeed as step-by-step as they
do. A little of text and a lot of commands to accomplish it!All
configuration "recipes" are supposed to be tested by many of the guide
contributors and reviewers. I have found no inaccuracies of any kind.

Its a pity that there is no way to cut and paste from the book and
click on links too. The guide begs to have a CD, floppy or a companion
site since commands need to be typed on the server.

The book starts from a nice security policy primer and a summary of
security principles, which even touch upon physical security, backups
and other useful operational issues.

The range of advice is wide and covers everything from very basic
passwords security to complicated methods of chrooting various network
daemons for extra security. The complete step-by-step instructions for
chrooting bind and ssh are provided together with several sample
configuration files. Tips on securing many Linux applications such as
Apache, Sendmail, Bind, Samba are also detailed in separate
chapters. Securing Wu-FTPD, however pointless it might be in light of
a flood of attacks, is also described. Its a pity that common
replacements such as qmail, proftpd and djbdns are not covered.

While other books offer more breadth (such as coverage of many
different tools etc), this is ideal for those seeking depth. This
guide would likely not win any literature prizes, but can save a life
of a Linux admin.

Moreover, even if you think you know _everything_ about Linux security
- read it anyway, since you find some new stuff, just like I did. On
the other hand, complete novices will also benefit from it greatly,
since even just typing the command blindly and then reading up on them
and gaining in-depth understanding is no the worst way to jump start
your Linux security expertise. Overall, if you own or administer a
Linux system - get the guide.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a
major information security company. His areas of infosec expertise
include intrusion detection, UNIX security, forensics, honeypots,
etc. In his spare time he maintains his security portal
info-secure.org ... Read more

Isbn: 097242735X
Sales Rank: 654562

SANS GIAC Certification: Security Essentials Toolkit (GSEC)
by Eric Cole, Mathew Newfield, John M. Millican, Stephen Northcutt, Matthew Newfield
Average Customer Review:
Paperback (18 March, 2002)
list price: $49.99 -- our price: $34.02
(price subject to change: see help)
US | Canada | United Kingdom | Germany | France

Editorial Review

The best way to develop a working knowledge of anything is to actually work with it--see it work, see it fail, and see what happens when variables are adjusted. Under the guise of an exam-preparation aid, SANS GIAC Certification: Security Essentials Toolkit guides its readers through a series of carefully designed experiments that collectively illustrate how attackers go about breaking into (or just plain breaking) their targets. The authors assume little background knowledge on the reader's part and take care to show you what you need to do in order to see the effects they're trying to demonstrate. This is, above all, a laboratory manual, and the authors deserve kudos for their effort to ensure that you can reproduce their results. A highly graphical design and wide, lay-flat binding make this book all the more useful as a hands-on companion.

The authors' dedication to standardization is evident from the first exercise (this book consists almost entirely of exercises), in which they show how to build a dual-boot system with both Linux and Windows 2000 installed. The idea is that you can build this system once, make an image of it, and then be able to repeatedly break and rebuild your system without wasting time. Subsequent exercises deal with different types of attacks and the defenses that are effective against each. Each exercise has an explicitly illustrated procedure--usually illustrating a successful attack and a failed one (i.e., one that was defended against). You learn not only to install defensive software and trust it, but also to recognize evidence of attacks in log files and in behavioral symptoms. More security books--and technical books in general--should be like this one. --David Wall

Topics covered: The kinds of attacks--against Windows 2000 and Linux systems--that are covered on the SANS Institute's Global Information Assurance Certification (GIAC) exam, as well as the software tools and configuration strategies that you can use to protect your systems against them. The authors cover many attacks--including Trojans, host spoofs, and others--and many defensive weapons (like firewalls and intrusion detection systems). ... Read more

Reviews (8)

good book, but not always accurate
If you don't have any security background then this book is a good place to start.Be ready, however, for most of the links to be out of date (the book was published in 2002).This can be circumvented by a little help from Google to find the utilities you need for the exercises.There are also a few inaccuracies in the syntax provided.These can be resolved with help from "man" (i.e. 'man ipchains') or the help for the particular utility.

Great hands on book
I really liked this book. I liked how it did not just inform you about these tools but actually had you use them to gain understanding. Any good systems/network admin should be familier with the tools in this book. Both UNIX and Windows admins will gain great experiance and understanding of their systems weaknesses.
I have read many books on "hacking" and security and this one is the only one that actually has you use these tools.
It is setup in a very easy to follow and understand format. This book isa must for EVERY Admin, not just for preparing you for a test. Even if you never take a security exam, this book will give you great intro and experience with the use of the tools described.

No time spent proofreading this book
This book presents some welcome hands on exercises to learn about security.However, it is very clear that at no time did anyone sit down with the book and actually try out the exercises before the book was published.The result is that many of the exercises simply do not work as written and much time is spent simply troubleshooting the steps.

Apart from the poor quality control of this book, it lacks good solid explanations to accompany most of them.Like many such exercise-oriented book the minimal level of explanations leaves one feeling that they are merely following a recipe in a cookbook.

In summary, while the book offers something that is missing in the marketplace, it seems that is was rushed into print with little quality control.Unfortunately there are no errata sheets available from the publisher. ... Read more

Isbn: 0789727749
Subjects:  1. Certification    2. Certification Guides - General    3. Computer Bks - Certification    4. Computer Data Security    5. Computer security    6. Computers    7. Data Processing - General    8. Electronic Data Processing    9. Electronic data processing per    10. Electronic data processing personnel    11. Examinations    12. Networking - General    13. Security    14. Study guides    15. Test Prep    16. Computers / Technical Skills   

Hackers Beware: The Ultimate Guide to Network Security
by Eric Cole
Average Customer Review:
Paperback (13 August, 2001)
list price: $45.00 -- our price: $29.70
(price subject to change: see help)
US | Canada | United Kingdom | Germany | France

Editorial Review

In Hackers Beware, Eric Cole succeeds in explaining how hackers break into computers, steal information, and deny services to machines' legitimate users. An intended side effect of his documentary efforts is a feeling for how network-connected computers should be configured for maximum resistance to attack. Cole, who works with the attack-monitoring SANS Institute as an instructor and security consultant, conveys to his readers specific knowledge of offensive and defensive weaponry as well as general familiarity with attack strategies and good security practices. Hackers Beware is a good primer and really earns its price by going into enough detail to enable readers to actually do something to make their resources safer. It also enables its readers to understand more specialized security texts, including Stephen Northcutt's fine Intrusion Signatures and Analysis.

Cole's didactic style is largely conversational, embracing the fact that most computer exploits can be conveyed as stories about what hackers want and the steps they take to achieve their goals. He punctuates his prose passages with line drawings that clarify what gets passed among the machines involved in an attack, and pauses frequently to show programs' user interfaces and passages from their logs. Cole explains all the jargon he uses--a characteristic that alone distinguishes this book from many of its competitors. --David Wall

Topics covered: What motivates black-hat hackers, and the technical means they use to go about satisfying their ambitions. General attack strategies--spoofing, password cracking, social engineering, and buffer overflows, among others--are explained, and the tools used to carry them out are catalogued. The same goes for defensive tools and practices. ... Read more

Reviews (21)

Great reference!
Hackers Beware: The Ultimate Guide to Network Security by Eric Cole is a great book.

I have seen Eric at over 6 SANS conferences.He is no-hype, all help.

This book is a great security resrource.

Finally, a readable book about network security!
I'll be brief.If you are a layman, and you don't have much expertise in the computer security field, then read this book."Hackers Beware" does assume some prior general knowledge about networking and software, but anybody who's taken a few courses, or had a bit of on-the-job experience will be able to follow along quite well.

Even better, if you are a business owner, and are worried about the security of your network (and believe me, you should be), then reading this book will give you the added advantage of being able to communicate intelligently with you network security personnel.Further, after having studied this accessible tome, you will be able to discern as to whether your networking people actually know what they are dealing with (sadly, some don't.You know 'em and I know 'em.Yes, I'm refering to the PAPER MCSE's).Being able to speak intelligently with your employees, and put your heads together in solving the formidible problem of network security, will be of limitless benefit to you.

All in all, an understandable, mostly-in-plain-English book that will behoove all who read it.

Excellent security information resource
I am not a system admin nor do I play one on TV. However being a computer professional, I have an interest in the topic of network security, and how crackers and "script kiddies" infiltrate network systems. This book offers a wealth of network security information that even "novices" like myself can easily follow. And in some of the examples Cole discusses, it's almost scary to discover how easy it is for someone with even a little bit of knowledge to infiltrate a computer network. Cole's book while dauntingly large contains a wealth of information that any security professional should know about. One of my sys admin friends was commenting to me that books like Cole's allow the "script kiddies" to learn about exploits without doing any of the work that a "black hat (cracker)" or "white hat (hacker)" might do to exploit a system. However big a risk that may possibly be, I still feel it's best for any security professional to be informed about all the various types of exploits they may deal with. And with a book of this size, there are obviously lots of them to discuss.

Cole discusses exploits against Linux, UNIX, Windows, and Windows NT and the myriad of programs (password crackers, network sniffers, back door programs, etc.) designed to break into other people's systems. Each program is described in full and what it does. Cole also offers suggestions and solutions in various chapters to keep unauthorized users from accessing various systems.

While you will never be 100% safe from an "attack," Cole's book offers ways to keep your system from being attacked or ensure that the chances of it actually happening remain remote, or the "damage" from such attacks stays minimal. ... Read more

Isbn: 0735710090
Subjects:  1. Computer Bks - Communications / Networking    2. Computer Books: General    3. Computer hackers    4. Computer networks    5. Computer security    6. Computers    7. Internet - Security    8. Networking - General    9. Security    10. Security measures    11. Computers / Security   

Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks (VPNs), Routers, and Intrusion Detection Systems
by Stephen Northcutt, Lenny Zeltser, Scott Winters, Karen Fredrick, Ronald W. Ritchey
Average Customer Review:
Paperback (28 June, 2002)
list price: $49.99 -- our price: $34.99
(price subject to change: see help)
US | Canada | United Kingdom | Germany | France

Editorial Review

Submarines handle awkwardly on the surface of the sea; airplanes are cumbersome when taxiing. Both modes of operation, however, are design requirements. Organizational computer networks have a similar requirement: they have to interface with other networks (thereby forming the Internet) in order to be useful. How network engineers manage their networks' perimeters has a lot to do with their usefulness, cost effectiveness, and--perhaps above all--security. Inside Network Perimeter Security concerns itself with this latter aspect of the connection to the outside world. It's carefully researched, cleverly written, and full of references to recent exploits and, more importantly, the trends they represent. The best details on emerging hack attacks will always be found online. This book takes a longer view, evaluating offensive and defensive technologies and offering well-reasoned advice on how to keep a network secure now and in the future.

Readers familiar with the previous work of the authors--particularly the highly respected Stephen Northcutt--will recognize the style here. It doesn't aim to teach you how to do much in particular--there are a few procedures, and some Cisco Internetwork Operating System (IOS) command listings--but rather tries to show how to think about networks and the data that comes from them. In a typical section, the authors analyze a log from Tiny Personal Firewall. They highlight the facts that are present in the log and the inferences that can be made from them. A similar style helps you master software tools and make network design decisions. This book is perfect for a network engineer wanting to improve his or her security skills for both design and administration purposes. --David Wall

Topics covered: How to design networks' borders for maximum security, and how to monitor them for unauthorized activity. After an introduction to firewalls, packet filtering, and access lists, the authors explain how to set up routers, special-purpose firewalls, and general-purpose hosts with security in mind. A large section has to do with security-conscious design, both for green field projects and existing networks that need expansion or improvement. ... Read more

Reviews (16)

A very informative read
Stephen Northcutt, and the various contributing authors, have created a masterful and well rounded guide of the various considerations that go into securing the network perimeter.As a student of Information Technology this book has been instrumental in my education and has earned a permanent place on my bookshelf (when it is not in my hands directly).

If you want to buy just one book, buy this one.
Stephen Northcutt has done a great job! this is the most comphrensive book on the subject. I particularly found the part on access lists very helpful. Niloufer Tamboly, CISSP

Fairly decent but can be thinned out a bit
Fairly decent overview of perimeter security.If your a security professional you may learn a thing or two, if your a network administrator and your idea of security is a firewall then this book is meant for you.Its a fairly easy read, but some of the examples of the commands to enter in configuring routers and hosts could be eliminated. I felt the author was just taking up space with these examples. (not a big deal but I'm taking a star away on principal) I also felt the author could have gone into a little be more detail in the VPN chapter, especially when dealing with encryption, PKI, and authenication which I felt was glossed over. (again not a big deal, but when you call yourself the definitive guide, be more definitive and save the 'commands' for the user guides") ... Read more

Isbn: 0735712328
Subjects:  1. Computer Bks - Communications / Networking    2. Computer Books: General    3. Computer Data Security    4. Computer Networks    5. Computer security    6. Computers    7. Networking - General    8. Security    9. Security measures    10. Computers / Internet / Security    11. Firewall    12. Firewalls (Computer security)    13. Virtual Private Network (VPN)   

Network Intrusion Detection (3rd Edition)
by Stephen Northcutt, Judy Novak
Average Customer Review:
Paperback (27 August, 2002)
list price: $45.00 -- our price: $31.50
(price subject to change: see help)
US | Canada | United Kingdom | Germany | France

Editorial Review

Network Intrusion Detection: An Analyst's Handbook explains some of what you need to know to prevent unauthorized accesses of your networked computers and minimize the damage intruders can do. It emphasizes, though, proven techniques for recognizing attacks while they're underway. Without placing too much emphasis (or blame, for that matter) on any operating system or other software product, author Stephen Northcutt explains ways to spot suspicious behavior and deal with it, both automatically and manually.

The case studies, large and small, are the best part of this book. Northcutt opens with a technical brief on the methods used by Kevin Mitnick in his attack upon Tsutomu Shimomura's server. In documenting that famous attack, Northcutt explains SYN flooding and TCP hijacking with clarity and detail: readers get a precise picture of what Mitnick did and how Shimomura's machine reacted. A former security expert for the U.S. Department of Defense, Northcutt explains how a system administrator would detect and defeat an attack like Mitnick's. Another case study appears later in the book, this one in the form of a line-by-line analysis of a .history file that shows how a bad guy with root privileges attacked a Domain Name System (DNS) server. Reading Northcutt's analysis is like reading a play-by-play account of a football match. Network Intrusion Detection is one of the most readable technical books around. --David Wall

Topics covered: Catching intruders in the act by recognizing the characteristics of various kinds of attacks in real time, both manually and with the use of filters and other automated systems; techniques for identifying security weaknesses and minimizing false security alarms. ... Read more

Reviews (40)

Very Good and Useful
This book is an excellent addition to any network administrator's library. Network Intrusion Detection will show you how some of the known and less known network intrusion attacks were realized and what clues there were to detecting the attacks. The book starts with an excellent overview of the network basics. Throught out the network basics chapters author outlines some of the weaknesses of that area that hackers have taken advantage of. The book can be useful guide to learning network traffic sniffing tools.

Overall a good book
This is a great book. It provides good detail on crucial ID topics. The examples in the book are clear and easy to follow. The book also does a good job of describing IP fragmentation. I would also recommend that someone get Bejtlich's The Tao of Network Security Monitoring. Read Network Intrusion Detection first then read The Tao. You will be an expert in the area of intrusion detection and network security monitoring.

The only down side to this book is that not enough attention is paid to exploring the gory details of networking like Ethernet frames, IP/TCP/UDP/etc. packets. This is an important topic for security people to understand.

Buy this book now!
This book is one of the better technical books I've read. It is easy to understand and goes into depth explaining the theory on which intrusion signatures are created. If you know basic TCP/IP but really want to know its inner-workings, get this book. I bought it less than 24 hrs ago and I'm already 100 pgs through it. This book takes a subject that could potentially be very dry and breathes a gust of fresh air into it. Recommended! ... Read more

Isbn: 0735712654
Subjects:  1. Computer Bks - Communications / Networking    2. Computer Books: General    3. Computer Data Security    4. Computer networks    5. Computer security    6. Computers    7. Internet    8. Networking - General    9. Security    10. Security measures    11. Computers / Internet / Security   

Intrusion Signatures and Analysis
by Mark Cooper, Stephen Northcutt, Matt Fearnow, Karen Frederick
Average Customer Review:
Paperback (29 January, 2001)
list price: $39.99 -- our price: $27.99
(price subject to change: see help)
US | Canada | United Kingdom | Germany | France

Editorial Review

Stephen Northcutt and his coauthors note in the superb Intrusion Signatures and Analysis that there's really no such thing as an attack that's never been seen before. The book documents scores of attacks on systems of all kinds, showing exactly what security administrators should look for in their logs and commenting on attackers' every significant command. This is largely a taxonomy of hacker strategies and the tools used to implement them. As such, it's an essential tool for people who want to take a scientific, targeted approach to defending information systems. It's also a great resource for security experts who want to earn their Certified Intrusion Analyst ratings from the Global Incident Analysis Center (GIAC)--it's organized, in part, around that objective.

The book typically introduces an attack strategy with a real-life trace--usually attributed to a real administrator--from TCPdump, Snort, or some sort of firewall (the trace's source is always indicated). The trace indicates what is happening (i.e., what weakness the attacker is trying to exploit) and the severity of the attack (using a standard metric that takes into account the value of the target, the attack's potential to do damage, and the defenses arrayed against the attack). The attack documentation concludes with recommendations on how defenses could have been made stronger. These pages are great opportunities to learn how to read traces and take steps to strengthen your systems' defenses.

The book admirably argues that security administrators should take some responsibility for the greater good of the Internet by, for example, using egress filtering to prevent people inside their networks from spoofing their source address (thus defending other networks from their own users' malice). The authors (and the community of white-hat security specialists that they represent) have done and continue to do a valuable service to all Internet users. Supplement this book with Northcutt's excellent Network Intrusion Detection, which takes a more general approach to log analysis and is less focused on specific attack signatures. --David Wall

Topics covered:

• External attacks on networks and hosts, as they appear to administrators and detection systems monitoring log files
• How to read log files generally
• How to report attacks and interact with the global community of good-guy security specialists
• The most commonplace critical security weaknesses
• Traces that document reconnaissance probes
• Denial-of-service attacks
• Trojans
• Overflow attacks
• Other black-hat strategies

... Read more

Reviews (8)

When a good book is worth a thousand experiences!
This is the best book about Intrusion Signatures published yet.
I teach computer security at a local university, and with the only help of this book, I could take care of all the practical aspects of my last course. If you have already a good background on this field, and read and understand thoroughly the book, then you can afford any related security certification test.
Chapters 3 through 17, present several well documented cases, which, in turn, are discussed following the same standard:
- Presentation
- Source of Trace
- Detect Generated by
- Probability the Source Address Was spoofed
- Attack Description
- Attack Mechanism
- Correlations
- Evidence of Active Targeting
- Severity
- Defense Recommendations
- Questions

Chapter 1 introduces the reader to Analysis of Logs (including Snort, Tcpdump, and Syslog), IDS, and Firewalls. Even being a quick review, it is quite useful, though.
Chapter 2 explains the way the cases are studied.

The covered vulnerabilities and attacks include:
- Internet Security Threats
- Routers and Firewalls Attacks
- IP Spoofing
- Networks Mapping and Scanning
- Denial of Service
- Trojans
- Assorted Exploits
- Buffer Overflows
- IP Fragmentation
- False Positives
- Crafted Packets

At the bottom line, this is one of the 5 best computer security books I ever read. Even for non experts, the book can be a valuable tool to improve the understanding on this field.
Try it.

A Great Title For Security Geeks to Learn Packet Forensics
I read this book out of general interest and a need to dig deeper into the technical aspects of security, and intrusion detection in particular. For that, this title is perfect!

It's great to learn intrusion detection, packet analysis, forensics, attack methodologies, attack recognition, and similar topics. And oh, by the way, if you have any interest at all in certification, Intrusion Signatures and Analysis is the study guide for one of the hottest new certs there is: SANS GIAC Intrusion Detection In Depth.

Includes review questions with throughout the book
A must-have for the serious network security professional, Intrusion Signatures And Analysis opens with an introduction into the format of some of the more common sensors and then begins a tutorial into the unique format of the signatures and analyses used in the book. Readers will find page after page of signatures, in order by categories as well as a case study section on how attacks have shut down the networks and web sites of Yahoo, and E-bay and what those attacks looked like. As an added feature, the collaborative authors Stephen Northcutt; Mark Cooper; Matt Fearnow; and Karen Frederick included review questions with throughout the book to help readers be sure they comprehend the traces and material that has been covered. Intrusion Signatures And Analysis is a recommended resource for the SANS Institute GIAC certification program.448 pp. ... Read more

Isbn: 0735710635
Subjects:  1. Access control    2. Computer Bks - Communications / Networking    3. Computer Books: General    4. Computer Data Security    5. Computer security    6. Computers    7. Internet - Security    8. Networking - General    9. Security    10. Computers / Internet / Security