Monday, December 30, 2002
Hacking Linux Exposed
McGraw-Hill, 2003, 712 pages
The authors, each a network security maven, confront the problem
of Linux, an security open source operating system, from attack. They
discuss the security features of various flavours of Linux including Red
Hat, Debian SuSE and Slackware. As well, they pay a lot of attention to
housekeeping as well as emergency response. They look at kernel hacks,
password cracks, firewall strategies, and ways of hardening systems.
Organizationally, Hacking Linux Exposed uses icons to identify
attacks. They employ a spherical bomb with a burning fuse to designate a
danger, a countermeasure that looks like a European traffic sign, and
various note tips with stencil-like icons.
The book starts off with an overview of Linux and its built-in
security features, a discussion of routine countermeasures such as log file
analysis, and an alarming walk through the ways hackers find a system and
decides to attack it.
The hacker or cracker has to find a way to let a user or system
administrator to allow a compromised or compromising file to pass via
network attacks, DNS or ARP cache poisoning, and how pluggable access
modules can add security to Linux systems.
There are server issues in e-mail and servers, all duly examined.
The authors show how web servers can be configured in terms of cracking
problems, how denial of service attacks affect servers, and how crackers
hide while removing log entries that may indicate where he operates. If the
cracker puts in his own back doors, they have to be found and disabled.
A valuable appendix deals with discovering and recovering from
attacks. If web pages or defaced, unknown files installed, if the computer
begins behaving oddly, then an attack may have happened. What to do? Turn
off all network interfaces, move the system to single user mode, turn off
official root processes, reboot from a pristine Linux floppy or CD-ROM, and
the rest of the appendix very carefully.
McGraw-Hill has printed a banner at the top of the cover of the
book that declares this work to be "an awesome reference" that should be of
value "across all aspects of information security." We'd agree and say
that, if anything, the blurb is too modest. This is definitive,
readable, essential stuff for any Linux system administrator, security
manager, heavy system user, apps developer and for all security
buffs. Unfortunately, crackers will probably glom through the book, making
it necessary for the authors to crank out the eagerly awaited third edition
in a year or two.