Building Secure Servers with Linux

Features

• Cover Type: Paperback with 464 pages
• Published by: O'Reilly Media, Inc.
• Edition: 1st Edition November 2002
• Written in: English
• ISBN 10 Number: 0596002173
• ISBN 13 Number: 978-0596002176
• Book Dimensions: 9.2 x 7 x 1.1 inches
• Weighs: 1 pounds

Product Description
Linux consistently turns up high in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services like DNS and routing mail. But security is uppermost on the mind of anyone providing such a service. Any server experiences casual probe attempts dozens of time a day, and serious break-in attempts with some frequency as well. As the cost of broadband and other high-speed Internet connectivity has gone down, and its availability has increased, more Linux users are providing or considering providing Internet services such as HTTP, Anonymous FTP, etc., to the world at large. At the same time, some important, powerful, and popular Open Source tools have emerged and rapidly matured--some of which rival expensive commercial equivalents--making Linux a particularly appropriate platform for providing secure Internet services. Building Secure Servers with Linux will help you master the principles of reliable system and network security by combining practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--as a hub offering services to an organization or the greater Internet--and shows readers how to harden their hosts against attacks. Author Mick Bauer, a security consultant, network architect, and lead author of the popular Paranoid Penguin column in Linux Journal, carefully outlines the security risks, defines precautions that can minimize those risks, and offers recipes for robust security. The book does not cover firewalls, but covers the more common situation where an organization protects its hub using other systems as firewalls, often proprietary firewalls. The book includes:

• Precise directions for securing common services, including the Web, mail, DNS, and file transfer.
• Ancillary tasks, such as hardening Linux, using SSH and certificates for tunneling, and using iptables for firewalling.
• Basic installation of intrusion detection tools.

Writing for Linux users with little security expertise, the author explains security concepts and techniques in clear language, beginning with the fundamentals. Building Secure Servers with Linux provides a unique balance of "big picture" principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those software packages. An all-inclusive resource for Linux users who wish to harden their systems, the book covers general security as well as key services such as DNS, the Apache Web server, mail, file transfer, and secure shell. With this book in hand, you'll have everything you need to ensure robust security of your Linux system.

From the Author
In response to Reviewer: Charles Dallas from Boise, Idaho.

While a few of the many tools covered in my book do have X11 interfaces, these constitute a very small percentage of software packages my book covers. Furthermore, where applicable I do explain how to run them from the command line. Obviously, installing X11 on any server should be avoided, and my book states this repeatedly.

Reader Reviews
I run a small home network with a registered static IP. I wanted to secure it and use it to run a web server and an app server. By trade I am an enterprise Java developer. Prior to reading this book, I had had zero experience securing any kind of server, and nearly zero experience administering Linux boxes at all. I was pretty intimidated by the concepts of computer security in general. Also, you should know that I actually read 90% of this book. Let me say without hesitation that this book has changed my life. I have secured my network, protected my data, detected attempted hacks, and learned a TON. This knowledge has also helped me tremendously in my day job, as an awareness of the overall network security environment is essential to being a good enterprise developer. I give 100% of the credit to Mr. Bauer, whose writing is complete, comprehensible, succinct, and lively. He progresses logically through the material, covering firewall architecture, server hardening, use of ssh for all administration, log watching, web and DNS security, threat detection, and many other topics. His coverage is a judicious mixture of utilitarian and theoretical - he gives you just the right instructions to accomplish your goals, and just enough background to make it interesting and understandable. This approach makes his chapters on bastion hosts, ssh, and tripwire especially definitive. His humor, unlike that of many other technical authors, actually is funny and helpful. When he refers to the complex Diffie-Hellman key exchange algorithm as a "large-prime-number hoe-down," he succeeds in both entertaining and providing an adequate summary for the average network administrator. Bauer's sense of organization and style enables him to take the mystique and complexity out of computer security and empower the reader. I take extreme exception to the negative reviewer who claims that Bauer relies too heavily on graphical tools, which is bad since one should not even have X11 running on a secure server. Obviously this other reviewer never read the book. In his chapter on hardening Linux, Bauer EXPRESSLY SAYS not to install X11 on a secure server. Almost NOWHERE in the book does he use graphical tools. What the other reviewer has written is unfair and untrue. Maybe he read a different book. One minor quibble I have is that the log monitoring software Bauer suggests, "swatch," is adequate but has really been superseded by "logwatcher," which comes with Red Hat Linux. Logwatcher has built-in smarts, and does not need to rely on downloading modules from CPAN onto your secure server. But consider this: the fact that I can even raise this issue, after previously knowing absolutely nothing about computer security, is further testament to the greatness of this book.