Network Security Hacks
Andrew Lockhart


1 insight into security
Security has been high on my list of things to understand and master these past two years. Our company's firewall has been breached numerous times. This has scared the living daylights out of our stakeholders. I have therefore been forced to become an expert. This is one of the books that has helped me attain this level of understanding. It offers insights not available in regular how-to guides on security.
2 May be right for Unix, but Windows Users beware
First, let me make clear right off the bat, I'm leaving this review as someone who purchased this book expecting information on Windows Networks and was disappointed. A large part of why this book was a bad experience for me is that, when a book bills itself as covering both Unix and Windows, I assume it gives equal coverage to both.

If you are a Unix admin this book might very well be just what you need.

That said, of its 300 pages, roughly 35 of them are devoted to Windows. In those 35 pages the author pretty clearly conveys his distaste for Windows even going so far as to misrepresent certain areas of the Windows World (someone should tell the author that Windows does have a fairly powerful scripting engine). Of the Windows tips that are provided, many of them are dedicated to making Windows work with Unix in a mixed environment.

Even without the coverage, it wouldn't take much to figure out the author's bias. The book is full of quotes such as "I know we're used to a robust, powerful scripting function in Unix but Windows doesn't have this so we have to..."

I honestly could have forgiven most of the above if the hacks had been well marked so that I could tell which were Windows related and which were Unix related. That way I would have, at very least, had a visual way to skim the book and realize how lopsided the coverage was so that I could have been saved from purchasing it.

If you're interested in Windows Security advice, I'd suggest picking up Hardening Windows by Roberta Bragg. It's a much better fit.

3 Excellent book on security.
This book took me a long time to read, but for a good reason: I kept implementing the various hacks in the book on a server I had started setting up.

The book is mostly Unix related, but there are some Windows related `hacks' as well. I think the Windows coverage was lacking a bit though. For Unix, it talks about Linux, the BSDs and a bit on Mac OS X and Solaris. Most of the topics are general enough to apply to any Unix-based operating system, but some are specific to an operating system.

One of the great things about the Hacks series of books by O'Reilly is that the information is presented in nice small chunks that you can read in a few minutes if you have some spare time.

The hacks are all `hyperlinked' to each other: if a hack mentions something that relates to another hack, it is highlighted in blue and the hack that it references is listed. I did find a few places where this wasn't done (#84 Real-Time Monitoring first mentions Barnyard but doesn't provide any information on it or mention that it is one of the later hacks).

Lots of the hacks in the book could be found by doing some reading on the internet, but finding such a variety of topics all in one place, with enough information to get you started, is really nice. Even though I consider myself to be fairly security conscious, I still found quite a few things in this book that I hadn't thought of, or plain didn't realize were possible or even existed. I would recommend this book to anyone who is interested in security or anyone responsible for maintaining a server (whether or not it is on the internet).
4 Useful Tips, Limited on Windows
Overall, I find this book to be an enjoyable read. I thumb through it time and time again, and come up with some useful hints and tips (not really necessarily hacks though). It's more oriented toward BSD Unix and Linux, but I did find some useful hints for Windows (the current topic of my studies). I really like the plug for ntsyslog (hack 56), which can take binary event logs and route them to a syslogd service. Nice. Finally, logs in Windows are now open for business.

I found some material to be trivial, making problems out of non-problems, or rather not practical to implement. For example, one hint advises Windows users to encrypt their temp directory (hack 28). However, there are easy workarounds to bypass EFS, and the temp directory is within a user's profile, and thus secured from other users anyhow. So encrypting it is unnecessary, and not useful given users can drag a file to a floppy or non-NTFS filesystem and bypass the encryption.

One hack recommended flushing the page file, as some important application data might be in there (hack 29). However, this requires delving into the registry, and implementing it across all workstations is too taxing. However, there could be ways to automate this through group policy objects and scripts. There's no coverage on how to automate some of these chores, which is not always straightforward in Windows.

On a final note, I wish there was more coverage of Windows. There could be equivalent coverage of things like time synchronization (hack 44) for Windows as well.

Overall though, I think there are enough useful tips to make this book valuable. I've already written my name on this one...
5 Not for the amateur
It's important to understand who this book is for. It's not for the amateur looking to configure their firewall. The book starts with locking up UNIX filesystems and doesn't turn back the complexity clock as it winds through all the way to advanced topics like Honeypots and various SSH tunneling schemes. I highly recommend this book for network administrators and security professionals looking to make sure they have all of their bases covered. However, for the personal computer user looking to make sure their DSL doesn't get hacked I cannot recommend this book.
6 Now this is a good book!
Lots of very very very good hints and suggestions!

A valuable title.


7 A handy guide when trying unfamiliar tools or techniques
"Network Security Hacks" (NSH) has something for nearly everyone, although it focuses squarely on Linux, BSD, and Windows, in that order of preference. Administrators for commercial UNIX variants (Solaris, AIX, HP-UX, etc.) should be able to apply much of the book's advice to their environments, but they are not the target audience. NSH is written for admins needing quick-start guides for common security tools, and in this respect it delivers.

I found NSH to be most rewarding when it avoided discussing the same topics everyone else has covered. Lesser known tools like authpf, ftester, sniffdet, SFS, rpcapd, and Sguil caught my interest (especially as I write Sguil installation docs). Even some ways to use familiar tools were helpful, like the -f (fork) and -N (no command) switches for SSH forwarding. In some cases it made sense to mention well-worn topics like BIND or MySQL, with an eye towards quickly augmenting the security of those servers.

Elsewhere I questioned the need to cover certain tools. With the number of Snort titles approaching double digits, and O'Reilly's own Snort books in the wings, was it really necessary to devote several hacks to Snort? In the same respect, I felt mention of Nmap, Nessus, swatch, and ACID was not needed, nor was advice on implementing certain Windows security features.

In some cases the descriptions were too brief to really explain the technologies at hand. For example, the "Secure Tunnels" chapter discusses a very specific IPSec scenario (wireless client to gateway) without informing the reader of the other sorts of tunnels that are possible. I also questioned some of the content, like p. 47's statement that Windows lacks "robust built-in scripting." Brian Knittel's "Windows XP Under the Hood" would quickly change the author's mind. Also, the anomaly detection preprocessor SPADE is described, even though the last version (Spade-030125.1.tgz, released Jan 03) is only available on a Polish student's Web server and no longer cleanly integrates with Snort past version 2.0.5, released in Nov 03.

Despite these comments, I still found NSH a great addition to my security bookshelf. I found the coverage of Windows more than adequate, given that true security innovation in the public sphere is being done in the open source world and not in Redmond's labs. The writing tends to be clear and the descriptions concise. I guarantee you will find a handful of hacks which pique your curiosity and ultimately help secure your enterprise.


8 Good simple reference
When I first got this little book, I was unimpressed by its idea: a seemingly random collection of network security tips, combined under the same cover. However, when I started reading, more and more often I exclaimed "ah, that is how it is done", etc. The book is one cool collection of tips, ranging from mundane (`how to configure iptables on Linux') to fairly esoteric (`how to use MySQL as an authenticating backend for an FTP server'). Always wanted to use `grsecurity' or `systrace', but thought it was too complicated - grab the book and give it a shot. Want to set up a fancy encrypted tunnel between two networks - it covers that too. Admittedly, a lot of advice given in the book can be found on Google, but it is nice to find it in one place. The book covers selected topics in host security, SSH and VPNs, IDS, monitoring and even touches upon forensics. I also liked its multi-platform coverage, with a slight, but unmistakable UNIX/Linux bias.

Overall, it is a great simple book, provided you don't try to find in it something it isn't: a neat collection of simple network security tips. I somewhat disliked that many tips don't go beyond `how to install a tool' and stop short of discussing `how to use it best'.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004) and contributor to "Know Your Enemy II" by the Honeynet Project (AWL, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org.


9 Another great collection of "hacks"
As with the other "Hacks" books, there are 100 hacks listed, and these are focused on network security. As another reviewer points out, these hacks seem to be heavily slanted toward Unix. Whether this is due to the Windows OS "keeping the administrator out of the loop about the inner workings of her environment," as the book points out, or the numerous "helpful features" of Windows that aren't that helpful to Windows admins is unclear. There do appear to be some limits to how secure you can make a Windows network, as opposed to Unix, which seems to have many more options. And while we constantly hear about new Windows viruses, we rarely hear about Unix viruses. But I digress.

There definitely are some good ones here, like the "honeypot hack," protecting logs from tampering (thereby making it more difficult for a network intruder to cover their tracks), preventing stack-smashing attacks (thereby preventing an attacker from overwriting the information on a stack), detecting spoofing, testing your firewall, monitoring your logs for any sign of tampering, even defending yourself against web application intrusions. In short, these hacks are the ones deemed most likely by the book's author to be useful in defending your network against any kind of hostile attack or intrusion.

And while you may agree or disagree with the list presented in this book, this book is a valuable tool and reference for any network admin to have on hand.
10 Excellent material, but heavily weighted towards Unix...
If you're at all responsible for or mindful of the security aspects of your network, here's a book you'll enjoy... Network Security Hacks by Andrew Lockhart (O'Reilly). As with all the Hacks titles, this book contains 100 various tips and ideas on how to improve your network security through the use of various software packages or procedures you can implement. The Hacks are grouped into the following chapters:

Unix Host Security; Windows Host Security; Network Security; Logging; Monitoring and Trending; Secure Tunnels; Network Intrusion Detection; Recovery And Response.

This isn't a primer on all you need to know about system security, nor is it meant to be. Network Security Hacks is most helpful for the system or network administrator who understands security but is always looking for various ways to enhance their level of security or ease the administration processes. For instance, in the Monitoring and Trending chapter, you are introduced to a number of free tools you can download that will verify your services, graph your bandwidth trends, monitor real-time network stats, and audit the traffic on your network. While not every hack will appeal or apply to you, you will find plenty of gems that will give you a real and quick payback.

The only "gripe" I have about the book is that it is heavily weighted towards the Unix environment. The Windows chapter is pretty small, and even some of the Windows hacks involve allowing you to work with the data like you can with Unix. So, if you're looking strictly for Windows security tips, you will probably find less satisfaction than you might if you were a hard-core Unix admin. Even so, there is material there that will interest you, such as how to use Snort to set up an intrusion detection system or how to use built-in features of Windows to create your own firewall.

Very good book, and worthy to hold a spot on your bookshelf...


11 Try rummaging thru the hacks
Lockhart has assembled a fascinating collection of 100 hacks to protect your computers against a network intrusion. He covers linux/unix systems and also Microsoft machines. An entire chapter, containing 10 hacks, is devoted to the latter. Most of the other 90 hacks can be applied to both systems, though the example implementations are usually given under linux/unix.

Perusing the list of hacks may cause different readers to be attracted to different hacks. Here, I briefly summarise a few that caught my eye. Consider "Block OS fingerprinting". In an earlier, more innocent age, someone connecting to a telnet, sendmail or ftp daemon would cause it to reply with the machine's operating system label and the version of that daemon. Yes, really! In fact, this is still largely true, by default, on most unixes. Well, nowadays, a sysadmin can stop those daemons doing this. But a cracker can then do other probes. If you are running OpenBSD, you can use pf to block those.

Logically continuing this train of thought, what if you wanted to actively mislead the cracker by mimicking another operating system? This is the honeypot hack. The honeyd daemon lets you masquerade as several types of systems. Pretty crafty, eh? The next hack would then be to record all the cracker's activity on your honeypot via the open source Sebek, which is freely available for linux and Solaris.

Granted, you might be interested in other hacks. But hopefully the above gives you some idea of the book's utility. And a lot of hacks refer to other closely related hacks, in the manner shown above.



Thursday, 24-Jul-2008 06:21:58 CDT