Hacking Exposed Linux 2/e
by Berislav Kucan - Wednesday, 7 May 2003.
Authors: Bri Hatch and James Lee
Publisher: McGraw-Hill Professional
The Hacking Exposed security titles don't need any introduction.
Written by experts in the security field, they provide loads of
information from both perspectives relevant to a system
administrator: securing and hacking. As the security scene is actively
progressing, the books in the Hacking Exposed series receive upgrades
in the form of new editions. Today, we take a look at the second edition of
the successful "Hacking Exposed Linux".
About the authors
Bri Hatch is Chief Hacker at Onsight, Inc.,
where he is a Unix/Linux and network security consultant. He has taught
various security, Unix, and programming classes for corporations
through Onsight and as an adjunct instructor at Northwestern University.
He is also co-maintainer of Stunnel, an open source SSL wrapper
used around the world to encrypt cleartext protocols.
An interview with Bri Hatch is available here.
James Lee is CEO of Onsight Inc., a training and consulting firm
specializing in open-source technologies. Mr. Lee has over 15 years of
experience in software development, training, Linux security and web
programming. He can talk endlessly about the virtues of Linux, Perl,
Apache and other open-source products - just ask his students. He has
written articles about network programming and Perl for The Linux
Inside the book
If you are not familiar with the organization of the Hacking
Exposed books, I'll mention that the book is really easy to navigate,
as it uses a standard set of icons that guide the reader through the different
security issues. There are separate icons for attacks, which
cover penetration testing/hacking tools and methodologies, on the one
hand and for countermeasures, presented to fix the various attack types, on
the other. Complementing the book's easy navigation, the authors use
three further icons: note, tip and caution. These symbols are used
to emphasize the important points of the topics discussed. Also, for
better presentation, each of the hacking scenarios starts with
an information table detailing the problem's popularity, simplicity and
impact and the final verdict on the overall risk rating for the given
Before going deeper into the core of the book, I should mention the
changes between the original and this second edition of "Hacking
Exposed Linux". In building this edition, the authors wanted to be sure
that the book would still stand alone, so they compressed, trimmed and
deleted some of the old material. By doing this, they managed to add
approximately 200 pages of new text, most visibly in
a new section focusing on the attacker's actions after a successful
server compromise. Most of the removed material is still available from
the online companion for this book, located at HackingLinuxExposed.com.
The book starts with an overview of Linux security, beginning with
an introduction to the open source movement and the correlation
between open source and security. Linux security basics follow next,
with some beginner-level information on permissions, aliased
commands, system usage and the most popular security issues, including
format strings, buffer overflows and race conditions.
As system administrators should be fully equipped with a myriad of
security tools, the authors introduce the reader to the different tools
used for proactive security measures. This extensive list of security
scanners, log file analyzers and intrusion detection tools offers a
great guide for novice administrators interested in hardening and
watching over their systems. The final chapter in the opening "Locking
into Linux" part of the book goes further, specifying the services
and situations from which an attacker can learn about your system, and provides
information on how to make the attacker's job as tough as it can be.
The next two parts of the book deal with outside and local
attacks respectively. A Linux system administrator must be introduced to the
possible compromise methods that aren't directly related to the Linux
environment. Because of that, the authors start the "outside attacks"
section with the ever-present topic of social engineering,
a hacking method made famous by the well-known hacker Kevin Mitnick. As
the security situation within an organization can be locked down from
the computer perspective, attackers quite often use the weakest link:
people. By using false authority, sympathy, impersonation or
flattery of the person they are talking to, attackers can receive a complimentary
ticket to the organization's network.
Trojan horses aren't as much of a problem for Linux users as they are for
Windows users, but they are still a notable threat. It has become a trend
for an attacker to compromise a target server offering some kind of
software download and replace the valid software files with trojaned
copies of the same files. One of the topics missing from the first
edition of this book was surely wireless LAN hacking, which now
receives just about 15 pages. Although this topic wasn't covered in
the manner I expected, it provides some decent information on the
basics of wireless networks, their protection and their insecurities.
For the local hacking fans, the authors discuss different privilege
escalation and password management scenarios. The neat coverage of
miscellaneous attacks is made even better by a section on physical
attacks that mostly deals with unprivileged access to the system and
its boot loaders (both LILO and GRUB are used as examples of abuse).
As Linux is mostly used in server environments, the fourth part of
the book goes into specifics relating to server security issues. Here
the authors traverse the security issues relating to the File Transfer
Protocol, e-mail transfer, web servers and the dynamic content served
through them. A newly written chapter on denial of service attacks
provides a good overview of the topic. The last section of the book
deals with the already mentioned means a hacker will deploy after a
successful break-in. As there are a lot of things to do on a compromised
host, this section is divided into three separate subsections defining
the possible attacker steps: covert access and hiding, backdooring valid
services and advanced system hacks.
What I think of it
After spending some time with "Hacking Exposed Linux, Second
Edition", I'm happy to say that the book is a great read: it offers
Linux-related security details in an easily readable way. The quality
of the written text is nicely supplemented with loads of
practical examples written by the guy who gives us the excellent "Linux Security: Tips, Tricks and Hackery"
newsletter. The book should be of interest to any Linux user, as it
gives an inside look into various hacking topics related to this
popular operating system.