The 2nd Ed. has about 200 pages of new material as well as having substantial revision of existing material; it is (c) 2003. The Seven Deadly Linux Sins have been revised to match the current risks and a new Physical Security section has been added. Varying danger levels are noted by one to five skull-and-crossbones symbols so you know which problems most deserve your attention. Its extensive cross-referencing (including page numbers), Index, and design also allow it to be used as a reference.
RWLS has a very extensive IP Tables section, including tips and techniques for debugging rules locally and remotely. It includes "drop in" Firewall scripts for a Small Office/Home Office environment and for a small/medium company with a DMZ. It covers wireless networks, low-level protocol ARP and Switch attacks and new defenses, Arpwatch, Logcheck, xinetd, and more.
Click to purchase 848pp 2nd edition from Amazon or other fine bookstore.
Very few networks, even those with a firewall, are secure. Many organizations' firewalls are improperly configured, allowing crackers to see and attack their internal network with ease. For US$100 we will do a non-destructive scan of your network from the Internet (and interpret the results) to show you what a cracker can see and attack. Most people are very surprised at how open their networks really are to attack.
Usually, we will be able to tell you not only the IP address of each of your internal systems but also what version of Windows, Unix, Linux, etc. that each system is running, what network services it is offering, and how vulnerable to attack each system is. We then can discuss inexpensive ways to secure your network.
Among our many security and system administration services, we offer 24x7 Monitoring of our clients' systems to detect and correct computer and network failure, cracker attacks, and defaced web pages. Additional services include the installation of security patches as they become available and also typical SysAdmin duties.
It has it all when it comes to Linux security (Rated 5 stars)
(www.e-consultancy.com reader review)
I have both editions of Bob's book. I've been working with Linux since 1995, system administration/networked systems for over 12 years. I must say, this is the most comprehensive book on system/network protection of any I've seen. It covers every subject found in other books I've purchased and then some. It is an excellent read from cover to cover as well as a reference document to keep at hand. Much of the book is applicable to network/system security regardless of the systems you're using.
You'll find yourself wondering "wow, that's common sense, why didn't I think of that?" But, it is also full of jewels of more esoteric approaches to protecting systems that will continue to foil the knowledgeable cracker. Focus on the "rings of security," the concept is excellent. This is the book to have, to read cover to cover and keep at your side as it is the ultimate reference document for network/system security.
The book was written by Bob Toxen, one of the 162 developers of Berkeley UNIX, who had 26 years of UNIX and 6 years of Linux experience at the time, much of it involving security. Real World Linux Security, 1st Ed. was published November 2000.
Be sure to add yourself to the readers' mailing list (near the bottom of this web page) to get important new security information and also check the Updates and errata link for the few typos and information received after publication.
This complete, easy-to-use, and up-to-date book will help you secure your Linux and UNIX systems against all manner of attack with extensive examples and step-by-step instructions. It is set up so that it can be used as a workbook, doing a little bit at a time, or as a reference for any aspect of Linux or UNIX security. This includes using Linux as a firewall for a mixed operating system network. It covers home systems, corporate networks, and e-commerce issues.
Learn the seven deadly sins of Linux security
Learn the gory details of securing Sendmail and Apache
Learn to install key security tools, such as PGP and Secure Shell
Learn how to configure an effective firewall with IP Chains
Learn how to create effective security policy
Read case studies on break-ins and their successes and failures
Learn how to block spam
Learn how to protect your customer credit card database
Learn how to quickly detect when someone is breaking in
Learn to recover quickly and completely from break-ins
Load the author's own tools and many open source tools from the included CD-ROM.
Updates and errata for the book are available here.
Extensive attention is devoted to protecting Internet servers, including web servers used for e-commerce, mail servers, and FTP servers. SSH, the secure shell, and the GNU version of PGP are covered in detail in a step-by-step fashion. It offers a unique but easy-to-implement method to protect your database of customer credit cards from almost any attack by crackers. 300,000 customer credit card numbers were stolen from one site alone (CD Universe), possibly 4,000,000 from another (Egg Head); do not be next.
The author recognizes that despite the best efforts of talented system administrators, some systems will suffer break-ins. Rather than the usual "install from backup, good luck, and don't call me" this book devotes over 60,000 words to preparing for this, detecting it, and very rapidly recovering from almost any break-in. Learn how to have your system page you when an attempted break-in or successful web page defacement occurs.
If your site is breached it will allow you the fastest recovery with the least damage to your data and organization. The White House, the FBI and CIA, Lloyds of London, eBay, and many others could have benefited from this information. Know what to do and what to expect if you wish to "throw the cracker in prison". Find out how the U.S. Secret Service can help you.
The book contains humorous examples and amusing case studies to add laughs to the topic while illustrating important points. Find out about the problem on the M5 computer, how Ken Thompson broke into a Navy computer, and if Bill's password is "money" or "640k". Find out how one gray hat who had broken into UC Berkeley's main UNIX development system got his password stolen by another person who was breaking in.
The book addresses the difficult issues of policy and laptop security, keeping up to date on the latest vulnerabilities and defenses, tracking an attack back to its source, how many popular protocol-based attacks work, and what to do about buffer overflow vulnerabilities and CGI program bugs.
"Although it comprises nearly 700 pages, Real World Linux Security is light on filler and bursting with important information on how to secure a Linux host. In reference to space filler, other books often have about a third of their content made up of screen prints and source code listing. Toxen's book fortunately does not use that route and instead directs readers to either a Web site or the companion CD-ROM for source code. The book is useful for all flavors of Linux, yet nearly all of the topics can be applied to other operating systems as well, because the threats are basically the same -- only the common line usage changes.
"At page 25 -- where many other security books would still be addressing abstract ideas about computer security -- Real World Linux Security deals with Linux's "Seven Most Deadly Sins." Some of them are: weak passwords, old software versions, open network ports, and poor physical security. Just a few of the other critical security topics covered in the book are: common break-ins by subsystem, establishing security policies, hardening your system, and scanning your system for anomalies.
...
"Real World Linux Security is the kind of book to which we have to give a good review, as it is seemingly written to butter us up. Bob Toxen says most Linux distributions install too many extra dæmons by default, he lists privacy-violating web advertiser DoubleClick, Inc. as a security issue, and he even uses http://www.linuxjournal.com/ as one of the hosts in an example. We like him already.
"We also have to like the concept of a big, fun workbook full of things we can do to increase the security of our Linux systems and how to prepare to get back up with minimum pain if they do get compromised. So please resist the temptation to, after taking one look at these 694 pages of cracks, sploits, bugs and vulnerabilities, go home, unplug your Linux box from the Net and crouch behind it with a shotgun. This book is here to help you, not scare you, and you should be able to get through the most important parts in a weekend. There's no cause for alarm, but no reason to be smug either.
...
"I found that the book had an easy-to-read style, and Toxen's explanations are to-the-point, concise and clear. Toxen's writing style has just the right touch of humour to make this book an engaging, entertaining and informative read on the subject of Linux security. I would highly recommend this book to any Linux SysAdmin (and user) interested in securing their Linux systems. From practical hands-on tips and techniques to detailed explanations of attacks and other Linux security issues, this book is a must-read for anyone interested in Linux security.
...
"Security isn't a subject solely for SysAdmins responsible for maintaining and administering large corporate networks. It's a subject that every Linux user and certainly every Linux administrator must educate themselves on and always be aware of. As Linux continues to attract new users and becomes more popular in the server space, understanding security issues and knowing how to secure a Linux system becomes very important.
"Upon opening this book for the first time, I was immediately impressed by the vast amount of information presented. Simply skimming through the book's table of contents, it is easy to appreciate the wide range of topics covered by Toxen.
"The book is divided into three parts, with Part I of the book focused on ways to secure a Linux system.
"Toxen gets off to a quick start with a chapter aptly titled "Quick Fixes for Common Problems", in which he discusses the basic and most common security issues that most SysAdmins have to face.
...
"Not many people know enough about Unix, Linux and security to meld the three topics together in a comprehensive book. Bob Toxen may be the exception. With more than 26 years of Unix and six years of Linux experience, Toxen brings a wealth of knowledge and an easy-to-digest writing style to Real World Linux Security, turning what could have been a dusty tome into an enjoyable read.
"This book isn't just about Linux security; it's for "any Linux and Unix system administrator," as Toxen writes in the introduction. Despite the abundance of technical information, readers will appreciate Toxen's entertaining style as much as the code and detailed examples.
...
"Bob Toxen's Real World Linux Security is a hefty tome, wherein he describes in great detail how to secure a Linux system ... His experience is evident throughout the book, which consists of 21 chapters that cover the gamut of security risks, how to detect and fix them, and what one should do in the event that your system is compromised.
"Real World Linux Security is a complete book that covers all of the bases ... However, the security holes are listed in order of severity in Appendix H, giving the harried system administrator a laundry list of issues to deal with when time is short.
"If you are responsible for the security of a Linux system, you should own this book. Toxen's work is an invaluable asset for novice and experienced admins alike.
...
"Overall this is an excellent book on Linux Security, highly recommended. The book should be read, understood and PRACTICED.
There are many Unix security books in print, but what the Linux system administrator has not had available is one that covers specifically Linux in a substantial way. With "Real World Linux Security" we finally have such a book, written by someone that has been working with Unix since the early days and is one of the original developers of Berkeley Unix.
"This book is useful for the Linux sysadmin for whom Linux is just one more flavor of Unix for them to administer as well as those for whom Linux is their first and only Unix type system to manage. The book will help the first group by saving them time in trying to figure out the "Linux way" of doing something that they know how to do on other types of Unix OSs. The second category of Linux administrators will find this book to be absolutely essential, since they do not have the benefit of having seen something at least similar enough that would allow them to say, take the recommendations on a Solaris security book and figure out how (or if) that would apply under Linux.
"The book makes an effort to cover all the practical issues involved in having a system online and still being secure. It starts with a section that describes how and why Linux systems should be secured. It begins the section with substantial chapter which provides advice on what services should be turned off and how to harden the services that are to be kept. This is followed by a chapter that covers the steps that can be taken to avoid the simpler break-in methods. Then there is chapter 4, the single most important chapter in the book. It covers the major services that get exploited: NFS, portmap, sendmail, FTP, telnet, the "r" commands, DNS, POP, IMAP, and lpd. Hardly a day goes by on a large network without somebody rattling the doorknob on one of these services. Every security administrator should know about the potential problems with each of these services and what to do about them. This is the chapter to study, if they don't.
...
"Of only slightly less universal interest [than SAGE] is Real World Linux Security, by Robert Toxen. This book is remarkable for its accuracy and pertinence in a volatile field; in fact, the worst thing I've found so far in Real World Linux Security is the title. Its contents apply almost equally well to UNIXes other than Linux.
"Toxen is an industry vet who has poured his experience and judgment between the covers of this book. I'm generally discouraged about attempts to say anything simultaneously comprehensive and meaningful about security. Toxen changed my attitude, though. This book balances appropriate technical detail and personal anecdote more usefully and lucidly than I expected. I've tested Real World Linux Security a half-dozen times with situations that have come up in my own work, and each time Toxen had something helpful for me. You can read more about it at Toxen's site http://www.realworldlinuxsecurity.com.
"By and large, I found Bob Toxen's book very good. It is the first really full treatment of Linux security. But therein lies one of its flaws: it's very long. Over 700 pages. Nearly 100 of them made up of appendices. But it's solid; and the topic is an important one. (Perhaps I've said that too often.)
"Toxen has organized the tome well, and he writes well enough that I wasn't in agony at any time. The 20 pages of Chapter 5 ("Common Attacks"); Chapters 10 and 11 ("Case Studies" and "Recent Break-ins"); and the 40 pages on Intrusion Detection (Part III) are exceptionally fine.
"The appendix on references is good, but confusingly organized. Too many non-Prentice Hall books (especially those published by Addison-Wesley and O'Reilly) are missing.
It is mentioned in the October issue of Linux Journal in Stan Kelly-Bootle's column on page 190.
"I won't wish you good luck with your book; all you need is for it to get the attention it deserves. I've been using it over the past week, and, so far, it's proved to be as valuable as the glowing words on the cover promise.
More generally, thanks for taking the time to answer with the detail and personal care you've shown here [in the online interview]. Your remarks have done ME considerable good, and I expect the same is true for other readers, too."
"Real World Linux Security: Intrusion Prevention, Detection, and Recovery. Bob Toxen kindly dropped us a note announcing the publication of his book, "Real World Linux Security: Intrusion Prevention, Detection, and Recovery", by Prentice Hall Ptr. "Most of the problems raised in Bruce Schneier's new book, "Secrets and Lies: Digital Security in a Networked World", are addressed in my book and solutions are offered and explained".
A cookbook style manual on securing a Linux installation.
In Why We Love Linux, Rob Wright of VARBusiness Magazine talks about how reliable Linux is.
Connecting any machine to the Internet is a dangerous thing. In these times, script kiddies routinely scan for vulnerabilities. Linux is a secure operating system, but it takes a bit of work. To make the job easier, a good book can help.
"Real World Linux Security" is such a book. What makes this book special is that it focuses not only on securing your box, but also on preparing for, detecting, and recovering from intrusions. The fact of the matter is, an intrusion is a real possibility, and not knowing about it can almost be worse than the intrusion itself.
...
This is a very good book for someone looking for a beginner's cookbook on security for Linux. It's full of shell scripts to help you out, links to get the software, and a well designed classification of vulnerabilities to help you spend your time more wisely. Don't expect to be a security guru at the end of it, but you can certainly expect to sleep better at night
As an undergraduate at Berkeley in the late 1970s, he learned about security by breaking into the UNIX systems there, successfully evading such system administrators as Jeff Schriebmann, Bill Joy, and Bob Kridle; they later founded UniSoft, Sun, and Mt. Xinu. Bob is one of the 168 recognized developers of Berkeley UNIX.
He was one of the four developers who did the initial port of UNIX to the Silicon Graphics hardware and has hacked the kernel of a C2-compliant secure UNIX system.
Bob was the architect of the client/server system that NASA's Kennedy Space Center uses to communicate with the 3000 PCs used to store and retrieve the 900 GB of documents pertaining to Space Shuttle Payloads. He was the UNIX System Administrator for the Americas Computer Center for one of the world's largest shipping companies.
Bob was the architect for the server controlling a popular Linux-based Network Disk appliance, the Netgear ND508 and ND520. Mr. Toxen wrote "The Problem Solver" column for UNIX Review magazine and has given many classes on Linux and UNIX. He created the Sunset Computer at http://www.cavu.info/sunset.html, used by hundreds of thousands of people around the world to determine sunrise and sunset and local time. (Even "Ask Jeeves" recommends it.) These include private, commercial, and military pilots, air traffic controllers, photographers, the U.S. Army for planning maneuvers, hunters and game wardens, truckers, and police officers.
Kurt Seifried, Consultant
Michael Warfield, Sr. Wizard X-Force
Internet Security Systems
Larry Gee, Consultant
Stephen Friedl, Consultant
Mike O'Shaughnessy
Dr. Indira Moyer, Consultant
Bob lives in Atlanta, GA, where he is president and CTO of Horizon Network Security, which offers inexpensive Firewalls, Virtual Private Networks (VPN), Virus filters, and Routers on the same Linux box, consulting services in network, Linux, and UNIX security, and system administration-oriented C programming -- done right the first time.