Books: A User's Report
The news illustrates the problem in story after story -- we keep trying to conduct private transmissions in an insecure world. There are precautions that we can take and utilities that protect email, documents, data, and records. However, we often neglect or forget to utilize them. This column reviews some excellent references on this topic. I have included Bruce Schneier's latest book, Secrets & Lies: Digital Security in a Networked World (John Wiley & Sons); The Practical Intrusion Detection Handbook by Paul E. Proctor, Foreword by Dorothy Denning (Prentice Hall); Linux System Security, The Administrator's Guide to Open Source Security Tools by Scott Mann and Ellen L. Mitchell (Prentice Hall Series in Computer Networking and Distributed Systems); and the CVS Pocket Reference by Gregor N. Purdy (O'Reilly & Associates).
Secrets & Lies: Digital Security in a Networked World
John Wiley & Sons, Inc.
The allure of the Internet presents many advantages to its users. It offers visitors another world without leaving the comfort of their own homes or offices, in a way reminiscent of Walter Mitty. Since the users physically remain in their familiar surroundings, it is easy to be lulled into a false sense of security. Bruce Schneier, security specialist and the author of Applied Cryptography (John Wiley & Sons, Inc., ISBN 0-471-11709-9, $49.95), analyzes the security risks and problems associated with doing business in an often insecure digital world. Applied Cryptography examined cryptographic protocols, techniques, and algorithms to implement privacy safeguards for email, sensitive data, and confidential records. In a different type of book, Secrets & Lies: Digital Security in a Networked World, Schneier again turns to privacy and security implementations. He demonstrates how to recognize the dangers inherent in this digital universe, and also how to initiate protective measures. Schneier addresses the topics and processes in three major sections: The Landscape, Technologies, and Strategies.
Part 1: The Landscape discusses the current environment through chapters highlighting Digital Threats, Attacks, Adversaries, and Security Needs. In order to implement any effective security plan, it is necessary to evaluate what you wish to protect and the possible hazards to its integrity. In Part 2: Technologies, Schneier analyzes some specific technologies, their advantages, and their limitations. He examines the procedures in the following order: Cryptography; Cryptography in Context; Computer Security; Identification and Authentication; Networked-Computer Security; Network Security; Network Defenses; Software Reliability; Secure Hardware; Certificates and Credentials; Security Tricks; and The Human Factor. With the combined knowledge of 1) what the dangers are, and 2) the currently available tools and their respective shortcomings, the next logical step should assist the administrator formulating a beginning security process. Part 3: Strategies helps determine what protection is necessary now and also how to anticipate future needs. The author presents some possible answers in the chapters surveying Vulnerabilities and the Vulnerability Landscape; Threat Modeling and Risk Assessment; Security Policies and Countermeasures; Attack Trees; Product Testing and Verification; The Future of Products; Security Processes; and the Conclusion. Schneier also presents an Afterword and a Resources section.
In the Preface, Schneier includes guidelines for reading his book. Unlike most technical books, the best way to read this is from the beginning to the end. It resembles a narrative more than a computer text; it also describes the technologies without mathematical formulas and with a sense of humor. One of my favorite examples follows a discussion of certificates:
If they match, then the certificate is hers. It sounds simple, except that it doesn't work. [Page 231]
That example illustrates the difference between Schneier's two books on this topic. Applied Cryptography analyzed the mathematical theories and formulas that comprise the science of cryptography. Secrets & Lies: Digital Security in a Networked World features the people who use it. This approach recognizes security as a process and the vulnerabilities in its implementations. The concept of regarding security as a process also emphasizes its continual change; recognizing a weakness is the only way to strengthen it. Secrets & Lies: Digital Security in a Networked World is an outstanding book. Schneier leads readers on a superb excursion through the realistic implementations of security and privacy utilities and the facts and fictions surrounding them.
The Practical Intrusion Detection Handbook
Paul E. Proctor
Foreword by Dorothy Denning
Essentially, there are two approaches to explaining most computer theories. The first is a high-level discussion of the concept itself, illustrating its design and how it interacts within the computing environment. The second shows how to implement it for a specific operating system. An administrator needs to know both the overview and the accompanying specifics that permit its installation and configuration. The Practical Intrusion Detection Handbook, by Paul E. Proctor, combines both approaches.
Proctor defines and explains intrusion detection, demonstrates how some organizations have handled attempted intrusions through case studies, and illustrates some principles through other examples. The Real-Life Stories and Case Studies are indexed in the front of the book. Proctor begins the book with an Introduction, which defines Intrusion Detection and compares different varieties of attacks. The second chapter presents A Historical Perspective, while Chapters 3 and 4 describe the elements of Network-Based Intrusion Detection Systems and Host-Based Intrusion Detection Systems. Succeeding chapters detail Detection Technology and Techniques; Intrusion Detection Myths; Effective Use; Behavioral Data; Forensics in Intrusion; Detection; Operational Use; the Intrusion Detection Project Lifecycle; and Justifying Intrusion Detection. The concluding chapters examine a Requirements Definition; Tool Selection and Acquisition Process; Commercial Intrusion Detection Tools; Legal Issues; Organizations, Standards, and Government Initiatives; and Practical Intrusion Detection. The Appendices contain A) a Sample RFP, B) Commercial Intrusion Detection Vendors, and C) Resources.
Proctor begins each chapter with an overview of the chapter's contents and an introduction to the topic. He concludes each chapter with a summary of its most important points. The design and presentation of the material can easily be used as an administrator's reference. The Practical Intrusion Detection Handbook begins with the terms employed in any description of the principles of intrusion detection and also contains an explanation of its processes. Proctor examines the more complex features of intrusion detection, reveals some of the myths associated with intrusion detection, analyzes both insider and outsider misuse, and discusses monitoring. He also identifies the business segments of Intrusion Detection, including the legal issues and requirement definitions and describes some of the commercial intrusion detection tools currently available. Proctor's thorough evaluation of intrusion prevention and detection techniques is informative and enlightening. The Practical Intrusion Detection Handbook is an excellent introduction and a superior reference for intrusion detection administration and deployment.
Linux System Security
The Administrator's Guide to Open Source Security Tools
Scott Mann and Ellen L. Mitchell
Prentice Hall Series in Computer Networking and Distributed Systems
It is always a pleasure to review a book that I have not only used as a reference, but in which I have also found the exact answers that I had been seeking. The practice of security is no less important on a Linux system than on any other type of operating system. However, Linux affords the administrator the luxury of using Open Source tools. One of the best things about using Open Source utilities is the wide variety of tools already available. Authors Scott Mann and Ellen Mitchell describe and explain many different topics related to Linux security and administration. They also provide some introductory information and system overviews in the beginning of the book.
The overviews and introductions are included in the book's initial chapters: Vulnerability Survey; Security Policies; Background Information; and Users, Permissions, and Filesystems. Chapter 5 presents and examines Pluggable Authentication Modules (PAM), its overview, configuration, and administration. The next three chapters feature One-Time Passwords, System Accounting, and System Logging and demonstrate many ways to document accounting and auditing on your system. Chapter 9, Superuser Do (sudo); illustrates a way to grant restricted or limited superuser privileges. Mann and Mitchell then address the topics central to the book, beginning with Chapter 10's Securing Network Services: TCP_wrappers, portmap, and xinetd. The next two chapters address The Secure Shell and Crack (for those of you who think that your password is ultra-secure), and Chapter 13 explores Auditing Your System with Tiger. The following chapters survey Tripwire; The Cryptographic and Transparent Cryptographic Filesystems; and Packet Filtering with ipchains. The concluding chapters review Log File Management; and Implementing and Managing Security. The Appendices include A) Keeping Up to Date and B) Tools Not Covered, which is followed by a Glossary.
I cannot possibly review this book well enough to repay the authors for the wealth of information that they have put at my disposal. Mann and Mitchell provide a broad spectrum of information with a surprising amount of detail and examples to demonstrate the programs and procedures. They describe each concept precisely, utilize examples, and warn the reader of any known case where a utility may not work as expected. This is an outstanding and valuable book that every Linux administrator should read at least once and reference often. Linux System Security is a superior resource for any Linux administrator.
CVS Pocket Reference
Gregor N. Purdy
O'Reilly & Associates, Inc.
The CVS (Concurrent Version System) utility is the Open Source code control tool. It allows several developers to modify the same code segment simultaneously. If there is a conflict, it falls to the most recent user to resolve any differences. This handy pocket reference by Purdy includes the essential CVS guidelines for installation and configuration, plus the commands. He also compares CVS to the more restrictive RCS (Revision Control System) and SCCS (Source Code Control System) utilities. Purdy divided the booklet into five sections: the Introduction; Installing CVS; the Administrator Reference; the User Reference; and Relata (a reference listing of some of the CVS-related programs available through the Internet).
The CVS Pocket Reference is an excellent guide for the Concurrent Version System. Purdy outlines the fundamental concepts of CVS and briefly explains its most popular features. He demonstrates CVS installation procedures, configuration details for administrators, and user commands. This clearly written and neatly organized reference places the power of CVS conveniently within every programmer's reach. Purdy defines, interprets, and explains the design and use of the popular Open Source tool.
About the Author
Elizabeth Zinkann has been involved in the UNIX and C environment for the past 15 years. She is currently a UNIX and C consultant, and one of her specialties is UNIX education. In addition to her computer science background, she also has a degree in English. Her writing has also appeared in Linux Magazine, Performance Computing, and Network Administrator. Elizabeth can be reached at: email@example.com.