
Hacking Linux Exposed - Paperback; 608 pages 1st edition (March 27, 2001)
Authors: Bri Hatch, James Kurtz, and James Lee
Publisher: McGraw-Hill Professional Publishing
Reviewed by Alex Graven


Don't you just love those movies where hacking and computing are involved? I had no idea you could use natural language phrases to make computers do stuff. Here I am, trying to master C++ and assembly, whereas if I just used a sixty-four-point blinking red font, I could use plain English, like "hack computer" (or "get access") and illicitly back up a half-hour-long three-dimensional holographic presentation (running on a Celeron laptop, no less) detailing the nefarious plans of some biotech corporation that just happens to keep a football-team-sized squad of "Mad Max" style hitmen on the payroll ("this is Mr. Jones, CEO; Mr. Smith, CIO; Ms. Jenkins, head of operations; and Snake, head of covert operations and leg-breaking") onto a single-sided floppy, which leather-clad bikini babes would then start killing people with chrome guns, shuriken, and patented ninja backflip moves to try and get their hands on (although being dragged by my neck out of the path of a speeding car by Wesley Snipes would be cool; I'd appreciate the autograph-seeking opportunity. I'd pass on any rescue from Steven Seagal, though... and John Travolta can keep WAY the heck away from me with his little Dianetics-meter contraption, although he usually plays the villain so there's no chance of that happening).

Where was I? Oh, yes. If movies were any indication of what hackers were capable of, there's a reason we go to great lengths to give them "special" treatment in the courts. Being able to bring down a network with a rotary phone and a knife switch made out of a paperclip, or even using a keyboard without it being plugged in, would be a neat trick. Heck, I'd still like to know how Jackie Chan was able to play an Atari 2600 using a calculator-slash-ruler as a controller in "Cannonball Run." Anyone seen a phile on how that was done? Didn't think so. I'm glad that people are starting to write books demystifying this field of endeavour, though, to separate the fact from the fiction.

I'd like to pause for a moment to explain to the world, before I get a deluge of email from the self-righteous members of the geekosystem who like to do things like explain in great detail, showing their work, just why Lord of the Rings doesn't make sense because Frodo was able on foot to cover ground faster than Bilbo and company could on ponies in "The Hobbit", that yes indeed I do know the difference between a "hacker" (someone who likes to take things apart to see how they work, or in my brother's case, see what makes them stop ;) ) and a "cracker" (computer criminal or bastion of personal liberty, depending on whether you're a "2600" reader or not). I also don't care.

Let's put it this way. The reason why I am going to use the term "hacker" to describe "computer criminal" as the authors of this book have done, is that it is not only the term they use and one that the average layman would understand, but also that I don't want hate mail from the Confederate Sons of America calling me racist against "Trailer Dwelling People of Southern Extraction". All kidding aside, it's cool to reverse engineer/play with/discover things about things you've purchased, designed, or otherwise own. It is something else altogether to go trespassing in someone else's data or compromise someone else's system. Unfortunately, you do have to learn how to do that kind of thing in order to prevent it from happening to you. Because hacking exists, and it sucks.

Hacking (in a criminal sense of the word) is a heck of a lot easier in some ways these days. This is a rather bad thing, because it increases the frequency of attacks. Whether it also results in a general dumbing down of your average hacker (why learn? Just read the sploits page) remains to be seen. Back in the days of yore when I was learning about computers I came across an H/P/V/A/C board in the area code in which I lived. Being of a curious nature, I applied for access (from a purely informational POV, of course) and was told unless I could pass their l33+ k-Rad k3wL skill testing questions test, there was no way in heck I would be allowed to read their hallowed, k-l33+ ph1LeZ or whatever. So I, with my knowledge of assembly and C and computing in general, said "sure". I was then asked a bunch of highly technical questions relating to breaking into security systems and phone networks, to which I replied "no idea, which is why I'd like to learn about this kind of thing." I was eventually told that I wasn't l33+ raD enough to hang with their kr3w or whatever. I just shrugged my shoulders and said I had no aspirations to join any kr3w, no aspirations to break into any systems; I was just the kind of person that liked to read engineering books to see how things work, etc., that I wasn't of a criminal mind, and that I was legitimately interested in it from a research and engineering point of view (in fact, I still am). I was then informed that although what they were up to wasn't legal, they weren't of a criminal mind, either. But "information wants to be free". Fair enough, then, let me have access to YOUR information. No. Uh, OK then.

I'd wager that 90% of all these "information wants to be free" types simply want their music for free, software for free, books for free, etc. etc. etc. or want to use their l33+ hax0r sk1llz to do the equivalent of tagging a subway car with a magic marker (or more appropriately, the equivalent of a dog urinating on someone else's lawn in the mistaken belief that it makes that property his), and really don't care that people have a fundamental right to protect property, intellectual or otherwise.

And when you're a kid messing around with the computers in Circuit City so that the screen saver says "Free Dmitry" or whatever, it's no big deal, but if you run a network containing sensitive information or at least information you want kept accurate, you have to make sure there isn't some punk rifling through your system, because it IS a big deal. A very big deal. And even if the attacks are more a matter of frequency than quality, unless you've got all the exploits covered, you're at risk.... by definition the patchers are always behind the exploits people.

And given that Linux is supposedly more secure, better etc. than the competition, it behooves one to ensure that that reputation isn't messed up by having something installed wrong (remember the relatively recent test where hax0rs were challenged to root either a Linux or a Windoze box, and the Linux box LOST? OK so it was due to a package not technically part of Linux, but people still read it as Windoze security is superior...), especially if it's your job on the line if your network gets gatecrashed. Getting paid to play ZORK in a telnet window and read Slashdot eight hours a day GOOD, sleeping on a sewer grate BAD.

Many books on Linux security talk about the proper design and setup of a network, e.g. from a locksmith's point of view. However, as the physical security guys will tell you (especially those who really wanted to be cops, but failed the psychological profile testing (and you know what I mean by this), and therefore now walk around with the entire Paladin Press backcatalogue memorized, harassing kids at the mall in their mall security jobs, while secretly wishing that they'd made the grade to be in SEAL team 6) the best lock in the world is useless if your door has a window in it right next to the lock or worse, the door is made of plywood, or you don't lock the back door.

So the best approach, after covering the basics, would be to start thinking like a thief, to start evaluating your security needs and approaches from the point of view of someone trying to smash his way in. So you can either try your luck at making your way into the k-rAd BBSs, or worse, l33+ web sites, and deal with the seventy other popup windows per page advertising everything from offshore gambling to the best MP3 sites to "Britney Spears backstage you won't believe what our hidden webcam captured dot com". Or you can read a book written by a few competent professionals who happen to have a good clue about how these people think.

Having just a "cookbook" (a sort of inverse exploits reference) which gives you specific ways to remedy specific attacks will be out of date before it's printed, but the other side of the coin would be to write a book that talks about computer security in vague, academic terms without giving you anything you could apply right now to stop that kid who won't stop trying to deface your home page. A competent balance has to be struck between the two: and these authors do it by following a certain strategy. Teach defensive thinking, in the context of what you have now. And it works.

This is a pretty comprehensive book, divided into appropriate sections. The first covers the basics of Linux security, an appropriate starting point. The next covers outside attacks, including network abuse and other attempts at remote intrusion, followed by local user attacks (people within the network trying to get somewhere they shouldn't be), server issues (the nitty gritty of FTP and mail security) and appendices, including case studies and methods of keeping your system current. And it's real stuff, too. No hype, no fuss. Just real-world, useful data.

And, to put it in context, all attacks are rated by popularity, simplicity and impact together with an overall risk rating - which is a great way of ensuring you don't overreact to something relatively minor (overestimating impact), or do the equivalent of confusing acne vulgaris for the first stages of Lassa fever (i.e. not understanding the frequencies of both). Understanding the simplicity of an attack also helps you to see if you're dealing with a skr1p+ k1dd13 who scratches his elbow when he has haemorrhoids, or someone very devious who has the skills to patch your kernel remotely, while it's still running.

Also, along the way and where appropriate, the book details what tools YOU have at your disposal, explaining how to use utilities to see what's going on in the context of a given concept and/or specific attack, as well as offering links to other utilities that could help you in your quest for iron-tight security.

This book had a good flow, taking you from the basics of understanding your network through making sure what you try to install is what the package maintainer intended, to access control and specific strategies for given types of network services, while pointing out along the way things that can help you and things that will trip you up. A good martial arts teacher will teach you how to break bones with your fists - a great one will teach you how to think and how to live so that you never have to. A good defensive mindset is what you need, and it's what you'll get once you've perused this book from cover to cover. It's nice to see everything tied together at the end with some actual case studies, so you get an idea of how the various pieces eventually fit together.

The top of the cover sums it up pretty nicely - "If you are serious about Linux and security, buy this book. Period." I was tempted just to submit that quote alone as the entire review.

Companion Website for additional security information and book updates.

All images, trademarks and copyrights herein are property of their respective owners. All else Copyright 2000-2001 Linuxiso.org.
This material may only be distributed subject to the terms and conditions set forth in the Open Content License.
The latest version is available at www.opencontent.org. Linux is a registered trademark of Linus Torvalds.