Solid Information
ISECOM, the renowned research organization for security, has again "made sense" of securing a Linux network against attacks. The book is a thorough guide to understanding how to "separate the asset from the threat" and block hackers from playing in the ultimate playground of Linux. The authors take you from the elements of security, to hacking the system, to hacking the users.
What is particularly helpful are the case studies. If you or your company's employees need to travel and access your company's website via wireless connection, you'll be especially interested in the case study in Chapter Eight, where a hacker tracks a signal to a hotel's access point and creates legit-looking error pages in order to obtain the account information of the user. Also helpful are their usual attack and countermeasure icons, which further define how to pinpoint areas of risk.
Security teams looking to evaluate their areas of vulnerability within Linux will be forearmed with the powerful arsenal of preventative approaches covered in this edition. All of the material is new, based upon the most recent and thorough security research. The hacking and countermeasure are based on the OSSTMM, the security testing standard, and cover all known attacks on Linux as well as how to prepare the system to repel unknown attacks. A great buy for the Amazon price of $31.49.
Fantastic Security Resource
I found this book to have enough depth to assist in protecting your network and computer assets, but would have like to seen more specific examples in some cases.
High Points:
Circumventing Bios Passwords
chrooting
Fingerpring scrambling
Secure Network Topology
X.25 Information
Messy and mediocre Linux security book
I will probably take a lot of heat for this, so let me start by putting on my asbestos suit.
To quote the beginning of this book, page About the authors:
This book was written by multiple authors, reviewers, and editors - too many to all be listed here - who collaborated to create the best Linux hacking book they could.
The best Linux hacking book! Wow I will probably like this book, having already read and used the OSSTMM from ISECOM before.
Then I got very excited reading the praise of the book from Jake Kouns on the front cover, reading praise by Clement Dupuis on the back cover book and browsing the Table of Contents. This book is going to be so much fun reviewing and will probably have me recommending it for future training and courses about Unix/Linux security.
The reason I start saying Unix/Linux, and will soon only say Unix - is that this book tries to cover more than just Linux. Examples include appendices with information about BSD security, listing FreeBSD, NetBSD and OpenBSD information, and also including references to other Unix systems in the book.
I will also use the term Unix, because lets face it there is a lot in common between Unix systems, from Linux to Mac OS X - as anyone will know from reading a real Unix Security book like Practical Unix and Internet Security from O'Reilly - THE BOOK about Unix security.
I was very disappointed, and I have to be true to the wording - the best Linux hacking book. This book is not about hacking Linux, it is more about hacking WITH Linux. Will all respect for the authors I will try to explain why this review is not outright positive.
Let me start by get some problems sorted out immediately.
It is not a problem that this book is written by multiple authors, there seems to be more or less the same writing proficiency - quite good writing actually.
It is not a problem that this book includes relevant security information. This information could alert the reader to different attack vectors or enhance the experience while reading the book. Great to have a setting and presenting the reasons why we should secure our infrastructures based on Unix.
What is a problem then
The problem is that this book is really about general information security. Having just taught a week of CISSP CBK I recognize a lot from this book, and there is a lot of good advice in this book. I am also teaching a lot of penetration testing USING Linux for doing hacking, so I can recognize a lot of good stuff about hacking WITH Linux and Linux programs.
It is a problem that this book use a lot of prose to explain that some things are important, and when they should get down to doing the actual work they reference How To documents or existing projects doing the actual stuff.
Let me give a few examples.
BIOS password security is vital for Linux, and disk encryption - go read a howto
Chapter 4 includes about 4 pages about BIOS passwords and how to circumvent these. Then a single page is presented with the title Whole Disk or Partition Encryption, which is supported by two half page screenshots and links to existing howtos and mentioning that you can use tools like Truecrypt and BestCrypt. Great stuff, really taught me how to use that! BTW the link for the howto is: http://tldp.org/HOWTO/html_single/Disk-Encryption-HOWTO/
Another example.
Unconventional Data Attack Vectors - does X.25 still matters?
Chapter 6 includes a very nice treatment of wardialing and accessing modems using programs that run on Unix. This is related to Unix, but actually not specific to hacking Unix. Then we have more than 25 pages of X.25 - an old technology. The author proclaims early in the chapter that X.25 is being used, but other pages on the internet say that use is in "dramatic decline".
Since I have actually used X.25 I feel compelled to say that this technology IS dead, like SNA it requires bad configuration magic and a lot of voodoo to get a basic connection, and I would not even dream of trying to do scanning using this technology. Further I am told in this chapter that of four tools, only two of these can be downloaded - the rest are PRIVATE! Yeah great, that will help me a lot.
One tool listed is by the guy writing this chapter, Marco Ivaldi and I am sure the tool is great, the writing is great - but I don't believe that a reader searching for the best Linux hacking book really appreciates 8,5 pages of country calling codes in a book containing only about 500 pages. (Amazon list this book as having 800 pages, but from 530 til 591 are appendices, and index stop on page number 613.)
Yet another example
OpenSSH is vital, but why have options listed all over the book?
A thorough description of the OpenSSH configuration is a subject that most Unix people need. Only a few options are listed, and actually placed in different places of the book, some listed on page 535 in Appendix A: Management and Maintenance and others listed on page 576 in Appendix C: BSD. And ohhh if you need privilege seperation it is on page 78, during chroot description. To be fair, the index does list two of these - but why under SSH and not OpenSSH.
OpenSSH is vital to the security of your Linux or Unix system. There is no doubt that the best Hacking Linux book should cover this in more detail. I actually also noticed a very common error, specifying that PasswordAuthentication is the option to disallow password loging at all is wrong. To turn off password login you need to have both of these options.
PasswordAuthentication no
ChallengeResponseAuthentication no
and what about PAM! Pluggable Authentication Modules are used on Linux, and some Unix systems, and is vital to the security of your system. This subject is not in any way described in a proper way that would allow a reader to secure a Unix system. Neither are a lot of other Unix related technologies described, even though they are found and used in real life environments with Unix. To be the best you will have to at least describe the common attack vectors like NFS attacks, FTP attacks and more in some detail.
These examples unfortunately got a bit long, so to get back on track. This book does not present Unix security efficiently, so perhaps ISECOM and me do not agree what a hacking Linux book is?
What is a Hacking Linux book
I would assume the book would use tools to hack into Linux and show the options I could change to prevent these. This is what I have come to expect from reading books in the Hacking Exposed series like Hacking Exposed: Network Security Secrets Solutions. Listing attacks, tools and countermeasures basically.
If the authors wish to push a testing methodology while doing so, go ahead! You have a great testing methodology the ISECOM OSSTMM and you have the skills from the authors. Unfortunately you have failed to provide that along with the Hacking Exposed feeling and I consider the outcome messy and mediocre.
Messy because the goal of the chapters become unclear and mediocre because more specialized books already talk about hacking using the tools presented.
Having other books in the Hacking Exposed giving tools for breaking INTO the system and how to protect, while this book is about USING Unix to break into - anything. Having a wardriving program running on Unix will find modems, no matter if they are connected to Unix or Windows.
To summarize, the things that work for this book are:
* It treats information security nicely in some parts and will give you some overview from physical security through some parts that may be relevant. The information is for the most part not specific to Unix systems nor Linux systems and certainly not targeted even at a specific Linux distribution. The BSD parts listed in the appendices are actually more focused on specific features available than the rest of the book.
* The chapters and parts about Analysis of C code, wardialing, wireless security, Voice over IP and others do actually work. The chapter about Voice over IP is dense with information and the chapter about wireless presents nicely detailed information with nice balance between attack, tools and defense.
Things that do not work are:
* Having a 40 page introduction before getting to anything Unix specific is not working, other Hacking Exposed book dive right into technical stuff.
* Listing the reasons to have protection, but not explaining HOW TO secure the Linux server, pointing to existing howto documents that the reader must fetch to be able to do anything usefull is not right.
* The organization with real good vital information in appendices, do not work. The meat of a book is part of the chapters and appendices are supplemental information, period.
* The index does not work. You can look up SSL or TLS, both are not explained, but you are directed to page 399 - which do not explain those as Secure Sockets Layer and Transport Layer Security. During the writing of my review I was unable to locate a reference to these protocols in the book, but there SHOULD be one in the book.
* Having a mail services chapter without listing a comparison of some popular mailservers for Unix is not working. You may only be running Sendmail but the mail servers like Postfix, Qmail, Exim has a lot of users and warrant a fair treatment. Actually I would go as far as arguing that a high percentage of security consultants would be happy to put Sendmail to sleep and never recommend it for new installations.
* X.25 - is this really needed today - spending 25 pages listing arcane stuff that 99% of the readers won't be able to use because the programmers have not disclosed the tools?
... lets stop now, the authors did explain good stuff, it is just not enough focused on Unix and/or Linux.
Target audience
I actually don't really know who this book is aimed at. The level of detail is certainly not enough for advanced users and beginners in Linux security will be confused.
Conclusion
If you need a book about running tools to analyze C code, test VoIP or wireless security on Linux and using Linux, this book might have good information.
On the other hand if you are looking for a book because you have the task of securing Linux systems this book will not help you much. This fails the book from my viewpoint and only earns an overall grade of messy and mediocre, even though there are some parts that contain good information in this book.
If you need to know more about the OSSTMM and applying the methodology to actual attacks, you might get some information - but in all fairness reading the actual OSSTMM and articles are the source.
First time not disappointed
This is the first time that I'm not disappointed at all after buying a new edition of a Hacking Exposed book. Yes, it is not a rehash of the 2nd edition. What's wrong about that? Combining the concepts of OSSTMM and Hacking Exposed was a wonderful idea. It's an excellent starting point for both students and professionals. I wish we would see more innovation like this on the security book market.
Ahem...
Quoted by request from Pete Herzog:
"As the project lead for this book, we did look to encompass hacking
ALL of Linux and not just networking. We spent the first 3 short
chapters of the book explaining how to apply the OSSTMM, the FREE,
OPEN standard for proper security testing, to the testing of the
systems. It was in no way an advertisement for something that is
public domain (and free!). The reviewer also refers to things which
were covered in the book under authentication attacks (FTP, SSH,
RLOGIN, TELNET) through dictionary and brute-force attacks. We ignored
RPC because that is used in MS Windows systems so why would it be? We
also talk about where to find the latest exploits and tools to use
them. We did not list exploits for various services because most of
them are old and if not, would be by the time the book was published.
The reviewer mentions RLOGIN which has not had a service exploit since
2001! The best ways to try to hack something that has no known
exploits is explained. We just don't need a whole book to do it.
Instead we focus on the few big, complicated services in Linux
networking (DNS, SMTP, and HTTP/S) and devote whole chapters to them.
The book will help people focus on securing their Linux systems no
matter what they do with it-- desktop, services, coding workbench,
wireless node, PBX, VOIP, etc. by hacking them, it just doesn't waste
your time with old exploits."
(6 reviews)
