Secure Servers with Linux, by Michael D. Bauer
by: O'Reilly & Associates, go
to the web site
the author of Linux Journal's "Paranoid Penguin" column
comes what may be the best-ever, common sense guide
to securing network attached Linux servers. While
Bauer admits that the only true way to secure a server
is by disconnecting it and powering it down, he writes
for those who must maintain always-on, connected
servers (and for whom other suggested securing techniques
such as drive degaussing and pulverizing are simply
out of the question).
The book begins with a discussion of threat modeling and
risk management. Here, Mr. Bauer points out the importance
of knowing the enemy you're protecting yourself from, and
emphasizes that this enemy is often a moving threat.
Chapter 2, Designing Perimeter Networks, shows the importance
of smart network design in protecting network (or Internet)
accessible hosts. In this section, Bauer brings into play
the specific roles of firewalls, bastion hosts, and the demilitarized
The next chapter, Hardening Linux, tells of the importance
of securing bastion servers located behind the firewall,
but within the DMZ. Bauer stresses that these servers should
be hardened as if there were no firewall in place, using
the assumption that sooner or later, even firewall-protected
servers may be compromized. This chapter also instructs the
reader on the importance of applying patches to protect against
new vulnerabilities and exploits.
From here, the book goes into a chapter-by-chapter barrage
of how to secure individual services - remote administration,
tunneling, DNS, Internet email, web services, and file services.
chapters, System Log Management and Monitoring, and Simple
Intrusion Detection Techniques, give information
on both early warnings of attempted exploits and the gathering
of orensic data for use in further hardening or patching
of particular systems or services.
The concepts and methods applied in this book give the Linux
Administrator not only a wonderful guide to the intricacies
of systems security, but also a conceptual toolbox and a
deep understanding of common sense security techniques. Recommended.
the Editor are welcome and occasionally abused in public.
e-mail to: firstname.lastname@example.org