Maximum Linux Security. A Hacker's Guide to Protecting Your Linux Server and Workstation.

reviewed by Bob Bruen

Anonymous. SAMS 2000.
743 pages. 5 appendices, glossary, index, cd-rom. $49.99.
ISBN 0-672-31670-6.

Maximum Linux Security is mainly a resource book, not one you sit down and read cover to cover, but rather one in which you look up problems to find a solution. The number of pointers to software sources is overwhelming, with almost no stone left unturned. A practical book that belongs on your bookshelf if you have any concern for security. Although it is geared towards Linux, the information is usually applicable to any Unix system. For example, most sniffers that are mentioned will run on other versions of Unix, as will SSH.

There are five parts: 1) Linux Security Basics; 2) Linux User Security; 3) Linux Network Security; 4) Linux Internet Security; and 5) Appendices.

Part I is really about Linux for those who are new to Linux. One source states that at this time the majority of Linux users have less than a year of experience. These four chapters cover Linux, installation, physical security and basic sysadmin stuff as well as I have seen elsewhere. BIOS is covered, pointers to policy sources are given and a very good, simplified introduction to biometrics is presented as well.

Part II is just two chapters covering password attacks and malicious code. The usual problems of password cracking and shadow passwords are explained in a readable fashion. The chapter on malicious code is about trojans and viruses, but there is a good list of software for detecting these problems, like Tripwire and the TAMU suite, with URLs and instructions for downloading/installing.

Part III has four very useful chapters covering spoofing, sniffing, scanners and SSH. The sniffer chapter lists the include files one needs for a sniffer, with a brief description of each file. There is even a code fragment of linsniffer that sets a network card into promiscuous mode. Unfortunately the only ways presented to fight sniffers are a couple of Unix commands, one program (NEPED) and the suggestion to use Secure Shell, because sniffer detection is not easy. The scanner chapter details the standard set of programs such as SATAN, SAINT, ISS, COPS, NMAP, etc., with a list of lesser known scanners. All in all a serious collection of software, but with some useful tools for dealing with them, like Portsentry from Psionic.
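The local promiscuous-mode check that the sniffer chapter's Unix commands amount to can be scripted in a few lines. The following is an added example written for this review; it is not code from the book, from linsniffer or from NEPED. It assumes a Linux host with sysfs mounted at /sys and reads each interface's flag word from /sys/class/net/<iface>/flags, where the kernel's IFF_PROMISC bit is 0x100.

```shell
#!/bin/sh
# Added example (not from the book or the review): list interfaces on this
# host that are in promiscuous mode, the state a host-based sniffer needs in
# order to capture traffic addressed to other machines.
# The flag word in /sys/class/net/<iface>/flags is a hex value such as 0x1003;
# IFF_PROMISC is bit 0x100 (256).
IFF_PROMISC=256

# is_promisc_flags FLAGS : succeed (exit 0) if the given flag word has
# IFF_PROMISC set, fail otherwise. Accepts hex (0x1103) or decimal input.
is_promisc_flags() {
    flags=$(( $1 ))
    [ $(( flags & IFF_PROMISC )) -ne 0 ]
}

# list_promisc_ifaces : print the name of every interface whose flags have
# IFF_PROMISC set; prints nothing when no interface is promiscuous.
list_promisc_ifaces() {
    for f in /sys/class/net/*/flags; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        if is_promisc_flags "$(cat "$f")"; then
            echo "$iface"
        fi
    done
}

list_promisc_ifaces
```

A non-empty result is only a lead, not proof of a sniffer: legitimate tools such as a packet analyser or a bridge also set the flag, and a kernel-level rootkit can hide it, which is why the book falls back to Secure Shell rather than relying on detection alone.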

Part IV covers applications (mail, ftp, telnet, the web), firewalls, logs/audits, intrusion detection and disaster recovery. For the most part, unless you can use some sort of encrypted telnet, you should use secure shell. The web security protocol section does a nice job on Apache-SSL and certificates.

The intrusion detection chapter is another large helping of free software to help you monitor those pesky script kiddies with too much time on their hands. Each entry gives the URL for obtaining the software, with notes about what the software does, which is quite educational all by itself.

The five appendices are about 100 pages of additional resources for Linux and Linux security as well as helpful commands within Linux.

This book is a valuable resource list that is recommended. It is a practical, not theoretical, book. You do not need to know the math and there are no models to understand, but if you want to know what nmap is, what it does, where to get it and what it has to do with Linux (along with lots of other software), then you ought to read Maximum Linux Security.