"Hacking Linux Exposed" (HLE) is the second of three titles in the "Hacking Exposed" series by Osborne/McGraw-Hill.
The first, "Hacking Exposed" (HE), published in September 1999, is currently in its third edition (just out in
September 2001). Due to its popularity, the publishers decided to
spin off two other books, namely HLE, published in March 2001, which is
co-authored by Bri Hatch, James Lee, and George Kurtz (one of the
original HE authors) with contributions from four other security
experts. The third book, dealing mainly with Windows 2000 security, is
written by the rest of the original HE authors: Joel Scambray and
Stuart McClure. All three books have enjoyed rave reviews from readers,
and one may suspect that there are more books in the pipeline for this
series.
Despite being an offspring of HE, HLE is an individual in its own
right, with a distinct personality. Some may say that it supersedes
its parent, but this is only the case for those interested in Linux
issues. As HE covers a wide range of security topics, the two books
complement each other. For example, HLE does not cover web browser
security problems but refers readers to HE.
In accordance with the current trend, there is an official web site to
accompany this book. Updates, errata, commentary from authors,
reviews, and links to other online resources are available
there. Source code used in the book can be downloaded using the
username and password provided in the book itself.
Generally, most security books arrange their chapters according to the
thought process of readers. They often start by explaining the
different types of attacks and vulnerabilities, then the ways to secure and
harden your system against intrusions, how to detect break-ins and,
lastly, how to recover from them. HLE, however, takes a somewhat
unorthodox approach by going the opposite way. It presents the
countermeasures first, then how to detect and recover from intrusions, and
only then talks about the different types of attacks.
Linux security is not only about technology but also about psychology
and behavioural science. The authors show a clear understanding of the
human mind and nature. I was amused when I identified my previous self
in the book as one of the Linux users who think that their Linux
machines are not important enough to be cracked. When you read the
book, I have no doubt that you will recognise yourself in it one way
or another, either as a blissfully ignorant Linux user like I used to
be or as a well-versed Linux system administrator.
HLE subscribes to the belief that the best way to secure your system
is to think like a cracker, and it succeeds in its quest to lead
us into the cracker's mind. In "The Art of War", Sun Tzu says "know
the enemy and know yourself, and you can fight a hundred battles with
no danger of defeat." This is what HLE does: it teaches you how to
know your system intimately, plug all its weaknesses, and also to know
how your enemy, the cracker, thinks.
The thirteen chapters and four appendixes spanning 566 pages are categorised
under five major sections, namely: various attack countermeasures, and
detecting and recovering from intrusions; the methods attackers may
use to get into your system; what attackers may do once they have
user-level access to your box; the common services which are
vulnerable; and lastly the appendixes, which provide step-by-step
instructions for various Linux distributions.
Chapter 1 is basically a refresher course for Linux experts, as it
gives a brief overview of Linux, its built-in security controls and
the differences between Linux and other flavours of UNIX. If you think
that your Linux machine is not important enough to be cracked, you
will be convinced otherwise after reading the very first section.
As many attacks can be deterred by the same countermeasures, the
common ones are all detailed in chapter 2 so that readers are
acquainted with them early on. By doing this, it is hoped that readers
will be able to foresee which countermeasure to use when the attacks
are presented in later chapters, before reading about the actual
countermeasure suggested by the authors. You are shown how to use
various tools to proactively scan your system for weak spots, harden
your system and recover from a break-in.
It's time to enter the cracker's mind in chapter 3 as we look at how
attackers target you and select you as the "lucky winner" for them to
spring their big surprise. You'll discover exactly the methods they
use to suss out your system, and get up close and personal with you.
Chapter 4 is all about how someone may sweet-talk and con you into
trusting him with confidential information through social
engineering. As much as we would like to believe in utopia and that
humans are basically good, the book recommends that the best way to
protect ourselves is to be paranoid, sceptical, and untrusting. It
also delves into Trojan horses, viruses and worms,
including the recent Ramen worm.
Next, chapter 5 warns that no matter how well protected your machine is on the
network, it will never be secure as long as it can be easily
approached physically. You are reminded that boot access is root
access, and never to casually throw away confidential documents, as
dumpster-diving is becoming so popular that books
are written about how to do it.
Beginners may take longer to read chapter 6, as it covers attacks over
the network and starts by going through the various network
protocols. It also explains the IP packet header and the TCP
header. It is necessary to understand these concepts before moving on
to chapter 7, where general network and network-protocol abuses are
presented.
Sometimes system administrators may overlook securing the machine from
the normal user. Chapter 8 considers what the cracker may do to become
root once he is in your machine as one of the unprivileged users. Chapter 9
then looks at the importance of passwords, and how to crack and protect
them.
In the following chapter, we are advised never to underestimate
a cracker, because they have many ingenious ways of covering their
tracks and installing backdoors for themselves. To be 100 percent sure
that there are no "extra goodies" left on your machine by the cracker
for himself, the only way is to do a complete reinstall.
The remaining three chapters talk about security issues with mail
servers (Sendmail, Postfix and Qmail) and FTP (servers, clients, and
protocol); web server security, focussing on configuring a secure
Apache web server and programming secure CGIs; and how to control
which services are allowed to be accessed over the Internet. Chapter
13 also looks at inetd, xinetd, iptables and ipchains.
Step-by-step instructions are provided on how to install and upgrade
software on a variety of Linux distributions in appendix A. In the
next appendix, you are shown how to turn off services that you don't
require. A list of other online resources for your reference, and to
keep yourself constantly updated, follows. No book about security is
complete without presenting some case studies, and HLE is no
exception here. The final appendix examines three real-world security
breaches, which are kept anonymous. One may prefer to start by reading
these case studies first to get a taste of what really happens in the
wild before "attacking" the book head-on.
As the book uses a down-to-earth writing style, I can almost hear the
authors speaking to me, advising me on how to secure my system, and
warning me of pitfalls. Without using a lot of jargon, the book can
be easily understood by home users and experts alike. It truly
provides all-round coverage of Linux security.
Although it only touches on Linux, it doesn't take much for
experienced system administrators to relate to similar events on other
flavours of Unix. By doing so, they could customise the
countermeasures and apply them to their actual platforms.
Special graphics are used throughout the book to enable readers to
easily pick out attack methods and countermeasures from a page crowded
with text. Important points are also highlighted using icons for
"Note", "Tip", and "Caution". Every attack has an overall risk rating
which combines the frequency with which the attack appears in the wild,
the level of skill required to execute the attack, and the severity
of damage which the attack could cause. This helps users to
prioritise which security holes to rectify first if there is a
shortage of time to cover all the holes.
Some reviewers are annoyed that this book does nothing to help correct
the misuse of the word "hacker" by the media and to promote the right
term, "cracker". Although this may seem like a non-issue, real hackers
and purists may be offended that this mistake could be made by people
who should know better. The authors are not to be blamed for this, as
they did use the term "cracker" when describing an attacker, but this
was changed during the editing process. Only the following
sentence: "Unfortunately, the term hacker has been perverted from
those early days when it symbolized the quintessential programmers of
the world like Linus.." on page xxiv survived the cut to hint at the
real meaning of hacker. This is such a shame, for HLE could have
succeeded in righting the wrong among the masses. Hopefully, in the
next edition, the correct term will be used.
Although this book will educate you on the techniques of attacks and
countermeasures, it is not a step-by-step guide. After reading
it, you will be wiser in the ways of the attackers, but you may need
to refer to other sources to actually implement the countermeasures.
Some attacks included seem pretty obvious and may insult the
intelligence of the readers; for example, the warning that
confidential information shouldn't be made available on an
unrestricted web site, as crackers may use such sensitive data to
their advantage. I believe that everyone who knows how to set up a
web site and surf the Web is aware that the Web is public and open to
all.
It could do better by being more specific in certain cases, such as
naming the exact early versions of the Apache web server which are
susceptible to the "double-dot" vulnerability. The countermeasure for
this security hole is to use the latest version of the Apache web
server. It would be helpful if we were told exactly from which Apache
version this hole has been patched.
Overall, this book presents attacks and countermeasures clearly and
succeeds in impressing upon users the real danger of security
risks. It could be the book that popularises Linux security for
the general public. Linux users who have basic knowledge of
programming and networks but none whatsoever of security will benefit
the most from HLE. It will also help Linux system administrators to be
more alert in their everyday work. However, Linux beginners will
need to do extra reading on network protocols to truly appreciate
chapters 6 and 7. Experts on security may be interested in checking this
book out for one or two things that they may have overlooked. So what
are you all waiting for? Get out now, grab this book and start
securing your system!