Sebastopol, CA--Computer security can be both discouraging and liberating, says Michael D. "Mick" Bauer, author of Building Secure Servers with Linux (O'Reilly, US $44.95). "Once you get past the horror of grasping its futility--a feeling identical to the one that young French horn players get upon realizing no matter how hard they practice, their instrument will continue to humiliate them periodically without warning--you realize that there's nowhere to go but up," Bauer explains. While acknowledging that system security is, on some level, futile, Bauer goes on to offers a great deal of practical advice on how to think about threats and risks, how to protect publicly accessible hosts via good network design, how to harden a fresh installation of Linux and keep it patched against newly discovered vulnerabilities, and much more.
"Building Secure Servers with Linux" focuses on the most common use of Linux--as a hub offering services to an organization or the larger Internet--and shows readers how to harden their hosts against attacks. As the cost of broadband and other high-speed internet connectivity has gone down, and its availability has increased, more Linux users are providing services such as HTTP, Anonymous FTP, etc., to the world at large. At the same time, some important, powerful, and popular open source tools have emerged and rapidly matured--some of which rival expensive commercial equivalents--making Linux a particularly appropriate platform for providing secure internet services. But security is uppermost in the mind of anyone providing such a service. Any server experiences casual probe attempts dozens of time a day, and serious break-in attempts are made with some frequency as well.
Bauer, a security consultant, network architect, and lead author of the popular "Paranoid Penguin" column in "Linux Journal," carefully outlines the security risks, defines precautions that can minimize those risks, and offers recipes for robust security. The book does not cover firewalls, but covers the more common situation where an organization protects its hub using other systems as firewalls, often proprietary firewalls.
"Since I'm a working security consultant and network architect, I have insights on network and system security that go beyond settings in the configuration files of specific applications," Bauer explains. "I understand a bit more about how computers, software applications, networks, users, and luck relate to each other than, for example, the average system administrator who is compelled by circumstances to focus on specific problems--usually crises--often at a relatively low level.
"However, I spend a lot of time configuring real-world applications on real-world systems: fancy principles are not much use unless you implement them in some way," Bauer adds. "'Building Secure Servers with Linux' reflects this duality; I think it provides a unique balance of big-picture principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those packages. In other words, my procedures are presented within a larger context, and my principles are accompanied by examples that are both relevant and useful."
An all-inclusive resource for Linux users who wish to harden their systems, "Building Secure Servers with Linux" covers general security as well as key services such as DNS, the Apache web server, mail, file transfer, and secure shell. The book includes:
- Precise directions for securing common services, including the Web, mail, DNS, and file transfer
- Ancillary tasks, such as hardening Linux, using SSH and certificates for tunneling, and using iptables for firewalling
- Basic installation of intrusion detection tools
"Building Secure Servers with Linux" explains security concepts and techniques in clear language, beginning with the fundamentals, so that Linux users with minimal knowledge of security will be able to grasp and apply its concepts. With this book in hand, Linux administrators will have everything they need to ensure robust security of their Linux systems.
An article by the author, Securing Linux: Why It's Worthwhile and Achievable, is available online
Chapter 10, System Log Management and Monitoring is available free online
For over 40 years, O’Reilly has provided technology and business training, knowledge, and insight to help companies succeed. Our unique network of experts and innovators share their knowledge and expertise through the company’s SaaS-based training and learning platform. O’Reilly delivers highly topical and comprehensive technology and business learning solutions to millions of users across enterprise, consumer, and university channels. For more information, visit www.oreilly.com.