Building Secure Servers with Linux

Building Secure Servers with Linux, by Michael D. Bauer

Reviewed by: Wayne Bridges, send e-mail
Published by: O'Reilly & Associates, go to the web site
Requires: N/A
MSRP: $44.95 (US)

From the author of Linux Journal's "Paranoid Penguin" column comes what may be the best-ever, common sense guide to securing network attached Linux servers. While Bauer admits that the only true way to secure a server is by disconnecting it and powering it down, he writes for those who must maintain always-on, connected servers (and for whom other suggested securing techniques such as drive degaussing and pulverizing are simply out of the question).
<img src="http://rcm-images.amazon.com/images/G/01/rcm/120x240.gif" width="120" height="240" border="0" usemap="#boxmap-p8Map" alt="Shop at Amazon.com">

The book begins with a discussion of threat modeling and risk management. Here, Mr. Bauer points out the importance of knowing the enemy you're protecting yourself from, and emphasizes that this enemy is often a moving threat.

Chapter 2, Designing Perimeter Networks, shows the importance of smart network design in protecting network (or Internet) accessible hosts. In this section, Bauer brings into play the specific roles of firewalls, bastion hosts, and the demilitarized zone.

The next chapter, Hardening Linux, tells of the importance of securing bastion servers located behind the firewall, but within the DMZ. Bauer stresses that these servers should be hardened as if there were no firewall in place, using the assumption that sooner or later, even firewall-protected servers may be compromized. This chapter also instructs the reader on the importance of applying patches to protect against new vulnerabilities and exploits.

From here, the book goes into a chapter-by-chapter barrage of how to secure individual services - remote administration, tunneling, DNS, Internet email, web services, and file services.

The final chapters, System Log Management and Monitoring, and Simple Intrusion Detection Techniques, give information on both early warnings of attempted exploits and the gathering of orensic data for use in further hardening or patching of particular systems or services.

The concepts and methods applied in this book give the Linux Administrator not only a wonderful guide to the intricacies of systems security, but also a conceptual toolbox and a deep understanding of common sense security techniques. Recommended.

Letters to the Editor are welcome and occasionally abused in public. Send e-mail to: whine@kickstartnews.com