Book: Network Security Hacks by Andrew Lockhart


100 useful computer security practices

Andrew Lockhart
Network Security Hacks: 100 Industrial-Strength Tips & Tools
O'Reilly, 2004
ISBN: 0-596-00643-8
$24.95
280 pages (main text)

As you can tell from this book's subtitle, the word "hacks" in the title Network Security Hacks is used in one of its original senses: a good or ingenious idea. This book isn't a catalog of computer break-ins.

Each of the 100 hacks is described in a short section with a title, a one-sentence description, and generally a couple of pages of discussion. The hacks are organized into eight chapters:

Unix Host Security
Windows Host Security
Network Security
Logging
Monitoring and Trending
Secure Tunnels
Network Intrusion Detection
Recovery and Response

The hacks aren't evenly divided among chapters; "Monitoring and Trending" is pretty short and "Network Security" is pretty long. Each chapter has an introduction that isn't very interesting ("In this chapter, you'll learn....").

The hacks themselves are pretty good. I'm not qualified to comment on the ones that have to do with Windows, but on Unix and network security there's plenty of good sense here. The discussions are of varying value. That is, once you've said "Run ntop for Real-Time Network Stats" (hack 63), someone with clues (and this book is addressed to people with geeky clues) probably doesn't need a lot more help. I mean, you'd Google for ntop's site and read the documentation there to see if it does something you'd find useful. On the other hand, the discussions for "Firewall with Netfilter" (hack 33) and "Firewall with OpenBSD's PacketFilter" (hack 34) have useful examples of the sorts of rules you'd want to run on a firewall host. Most of the discussions are useful but few are vital.

One thing that's missing is any indication of why you would or wouldn't want to use a given hack. That is, "Test Your Firewall" (hack 38) probably makes sense for any network admin. But "Create a Static ARP Table" (hack 32) would be a big nuisance on any but the smallest networks. I'd need to be pretty scared of ARP-table poisoning attacks before I went to that much trouble. The book is a toolbox, not a tutorial.

If these 100 hacks were made available for free on a website as a list of possibly useful security practices, that list would be less useful than this $25 book. But maybe not a whole lot less useful. Still, they're not available that way and some of the discussions are quite good.

Neither of my two favorite security hacks is mentioned. The first was told to me and I haven't yet used it, but I expect to eventually. It is: Use a dedicated log host and cut its transmit pair. The second is from my own experience: Don't run Sendmail, BIND, rsync, or Kerberos. And try really hard not to run any IMAP server or an FTP server that allows non-anonymous logins.

Posted: Thu - September 2, 2004 at 08:16

