Features
- Cover Type: Paperback with 704 pages
- Published by: Syngress
- Edition: 1st Edition July 10, 2001
- Written in: English
- ISBN 10 Number: 1928994342
- ISBN 13 Number: 978-1928994343
-
Book Dimensions:
9.2 x 7.4 x 1.4 inches
- Weighs: 2.9 pounds
Product Review
" I like this book. It would be a good textbook to use with a one-week Linux security workshop" -- Information Security Bulletin
Product Review
" I like this book. It would be a good textbook to use with a one-week Linux security workshop" -- Information Security Bulletin
Reader ReviewsI am a senior engineer for network security operations. I am not a Linux expert, nor do I have experience using all of the tools included in "Hack Proofing Linux" (HPL). Unfortunately, I don't believe HPL was written by experts either; few have knowledge spanning the entire open source security arena. By venturing beyond the authors' core expertise, HPL offers some incorrect information. If you accept these limitations, HPL still introduces an impressive array of Linux security applications. The deployment of Linux antivirus solutions is HPL's first example of questionable material. The authors seem to think products like AntiVir exist to protect Linux hosts. Actually, Linux-hosted anti-virus solutions primarily screen email traffic for Windows-based malicious logic. Finding a "VBS.FreeLink" virus on a Microsoft-based CD-ROM, mounted on a Linux system, doesn't qualify as protecting the Linux operating system. (See p. 123 for this example.) The second sample of questionable material involves discussions of the nmap port scanner. Chapter 3 doesn't provide accurate information on the tool's options. On p. 136, "-s" doesn't mean "stealth" in all cases. P. 137 provides this puzzle: "-sS uses the SYN feature of TCP... even if the remote computer doesn't want to communicate with your host, NMAP is still able to gather sufficient information from this scan to learn the open ports." On p. 140, we should hear that specifying "ME" in a decoy scan indicates where to place your true source IP; it doesn't "increase the likelihood that your system will be hidden from IDS logs." P. 142 incorrectly says -sS "helps the scan get past firewalls, which often filter out initial SYN packets." Material like this seems like speculation or misinterpretation, not sound advice. Beyond technical inaccuracies, I believe HPL is more about installation of tools and less about operational use. Knowing how to install Snort with database support is significant. Having the ability to configure the ruleset, interpret the alerts, and operationalize the system is far more important. That level of detail deserves a separate book, not several pages in a single chapter. Still, I haven't seen another book which covers so many open source security tools. You'll find instructions for installing GPG, nmap, Nessus, Tripwire, TCPDump, Ethereal, EtherApe, OpenSSH, Squid -- the list goes on. Beyond verifying the material I believed was inaccurate, I skimmed much of these installation and basic usage instructions. Should someone need help deploying one of these tools, HPL will probably be useful. Just be sure to verify the material against the documentation provided by the application's authors. (Disclaimer: I received a free review copy from the publisher.)
Search for books at
