ISBN-10: 0321194438
ISBN-13: 9780321194435
Pub. Date: 08/12/2004
Publisher: Prentice Hall
Open Source Security Tools: A Practical Guide to Security Applications

by Tony Howlett

List price: $49.99

Product Details

ISBN-13: 9780321194435
Publisher: Prentice Hall
Publication date: 08/12/2004
Series: Bruce Perens'Open Source Series
Pages: 608
Product dimensions: 7.00(w) x 8.90(h) x 1.40(d)

About the Author

Tony Howlett is the president of Network Security Services, a computer-security application service provider built entirely on open source software. A Certified Information Systems Security Professional (CISSP) and GIAC Systems and Network Auditor (GNSA), he has fourteen years of experience, including running a major regional ISP/CLEC and building a nationwide ATM/DSL network. Mr. Howlett is a frequent speaker on computer security and technology topics and has written for SysAdmin, Computer Currents, Windows Web Solutions, Security Administrator, and other magazines.



Read an Excerpt

Open source software is such an integral part of the Internet that it is safe to say that the Internet wouldn’t exist as we know it today without it. The Internet never would have grown as fast and as dynamically as it did without open source programs such as BIND, which controls the domain name system; Sendmail, which powers most e-mail servers; INN, which runs many news servers; Majordomo, which runs many of the thousands of mailing lists on the Internet; and of course the popular Apache Web server. One thing is for sure: the Internet is a lot cheaper due to open source software. For that, you can thank the Free Software Foundation, BSD UNIX, Linux and Linus Torvalds, and the thousands of nameless programmers who put their hard work and sweat into the programs that run today’s Internet.

While open source programs cover just about every aspect of computer software—from complete operating systems and games to word processors and databases—this book primarily deals with tools used in computer security. In the security field, there are programs that address every possible angle of IT security. There are open source firewalls, intrusion detection systems, vulnerability scanners, forensic tools, and cutting-edge programs for areas such as wireless communications. There are usually multiple choices in each category of mature, stable programs that compare favorably with commercial products. I have tried to choose the best of breed in each major area of information security (in my opinion, of course!). I present them in a detailed manner, showing you not just how to install and run them but also how to use them in your everyday work to have a more secure network. Using the open source software described in this book, you can secure your enterprise from both internal and external security threats with a minimal cost and maximum benefit for both the company and you personally.

I believe combining the concepts of information security with open source software offers one of the most powerful tools for securing your company’s infrastructure, and by extension the entire Internet. It is common knowledge that large-scale virus infections and worms are able to spread because many systems are improperly secured. I believe that by educating the rank-and-file system managers and giving them the tools to get the job done, we can make the Internet more secure, one network at a time.

Audience

The audience for this book is intended to be the average network or system administrator whose job duties are not specifically security and who has at least several years of experience. This is not to say that security gurus won’t get anything out of this book; there might be areas or tools discussed that are new to you. And likewise, someone just getting into IT will learn quite a bit by installing and using these tools. The concepts discussed and techniques used assume a minimal level of computer and network proficiency.

There is also a broad group of readers that is often overlooked by the many open source books. These are the Windows system administrators. The info-security elite often has a certain disdain for Windows-only administrators, and little has been written on quality open source software for Windows. However, the fact remains that Windows servers make up the lion’s share of the Internet infrastructure, and ignoring this is doing a disservice to them and the security community at large. While overall the book is still tilted towards Linux/UNIX because most open source programs are still Linux/UNIX-only, I have tried to put Windows-based security tools in every chapter. I’ve also included helpful hints and full explanations for those who have never run a UNIX machine.

Contents

This book covers most of the major areas of information security and the open source tools you can use to help secure them. The chapters are designed around the major disciplines of information security and key concepts are covered in each chapter. The tools included on the book’s CD-ROM allow for a lab-like environment that everyone can participate in. All you need is a PC and this book’s CD-ROM to start using the tools described herein.

This book also contains some quick tutorials on basic network terminology and concepts. I have found that while many technicians are well-schooled in their particular platforms or applications, they often lack an understanding of the network protocols and how they work together to get your information from point A to point B. Understanding these concepts is vital to securing your network and implementing these tools properly. So while this book may seem slanted towards the network side of security, most of the threats are coming from there these days, so this is the best place to start.

Coverage of each security tool is prefaced by a summary of the tool, contact information, and various resources for support and more information. While I give a fairly detailed look at the tools covered, whole books can and have been written on many of the programs discussed. These resources give you options for further research.

Helpful and sometimes humorous tips, tricks, and tangents are used to accent or emphasize an area of particular importance. These are introduced by Flamey the Tech, our helpful yet sometimes acerbic mascot, who is there to help and inform the newbies as well as to keep the more technical readers interested in sections where we actually make some minor modifications to the program code. He resembles the denizens you may encounter in the open source world. In exploring the open source world, you will meet many diverse, brilliant, and sometimes bizarre personalities (you have to be at least a little bent to spend as much unpaid time on these programs as some of us do). Knowing the proper etiquette and protocol will get you a lot farther and with fewer flames. On a more serious note, many of the tools in this book can be destructive or malicious if used in the wrong ways. You can unintentionally break the law if you use these tools in an uninformed or careless manner (for example, accidentally scanning IP addresses that aren’t yours with safe mode off). Flamey will always pipe up to warn you when this is a possibility.
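The warning above about scanning addresses that aren’t yours is the kind of mistake a small pre-flight check prevents. The following is an added example, not code from the book or from any of the tools it covers: a scope guard that compares every target of a planned scan against the address ranges covered by a permission form (the sort of document Appendix D provides a template for) and refuses to build the scanner command line if anything falls outside them. The authorized ranges, the target list, and the `nmap -sT` command prefix are constructed assumptions for the example; substitute your own scanner and its arguments.

```python
"""Scope guard for network scanning tools.

Added example (not from the book): refuse to launch a scan when any
target lies outside the ranges you are authorized to test.
"""
import ipaddress
import shlex

# Constructed example: ranges listed on a signed permission form.
# 203.0.113.0/24 is TEST-NET-3 (RFC 5737) and is never routed.
AUTHORIZED_SCOPE = [
    "192.168.10.0/24",   # lab network
    "10.20.0.0/16",      # internal servers
    "203.0.113.5",       # a single external host
]


def parse_scope(entries):
    """Turn CIDR strings and bare addresses into network objects.

    A bare address becomes a /32 (or /128). strict=False accepts
    entries such as '10.20.1.0/16' whose host bits are set.
    """
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def check_scope(targets, scope):
    """Split target specs into (in_scope, out_of_scope).

    A target (single IP or CIDR) is in scope only if it is entirely
    contained in one authorized network. Partial overlap, a different
    IP version, or anything that does not parse as an address (e.g. a
    hostname that has not been resolved yet) is treated as out of
    scope: resolve names first and check the resolved addresses.
    """
    nets = parse_scope(scope)
    in_scope, out_of_scope = [], []
    for spec in targets:
        try:
            tnet = ipaddress.ip_network(spec, strict=False)
        except ValueError:
            out_of_scope.append(spec)
            continue
        covered = any(tnet.version == n.version and tnet.subnet_of(n)
                      for n in nets)
        (in_scope if covered else out_of_scope).append(spec)
    return in_scope, out_of_scope


def build_scan_argv(targets, scope, scanner=("nmap", "-sT")):
    """Return the scanner argv for the targets, or raise ValueError.

    The scanner prefix is an assumption for the example; nothing is
    executed here. The caller passes the returned list to subprocess
    only after this check succeeds.
    """
    ok, bad = check_scope(targets, scope)
    if bad:
        raise ValueError("targets outside authorized scope: "
                         + ", ".join(bad))
    return list(scanner) + ok


if __name__ == "__main__":
    # Constructed target list with one typo (192.168.11.3 instead of
    # 192.168.10.3) of the kind Flamey warns about.
    planned = ["192.168.10.7", "192.168.10.0/25", "192.168.11.3"]
    try:
        print(shlex.join(build_scan_argv(planned, AUTHORIZED_SCOPE)))
    except ValueError as err:
        print("refusing to scan:", err)
```

The guard deliberately fails closed: a CIDR that only partly overlaps an authorized range, or a name that has not been resolved, is rejected rather than trimmed, so the operator has to fix the target list explicitly before anything is launched.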

Open Source Security Tool Index

Immediately following this Preface is a listing of all the tools and the pages where they are covered. This way you can skip all the background and go straight to installing the tools if you want.

Chapter 1: Information Security and Open Source Software

This chapter offers an introduction to the world of information security and open source software. The current state of computer security is discussed along with a brief history of the open source movement.

Chapter 2: Operating System Tools

This chapter covers the importance of setting up your security tool system as securely as possible. A tool for hardening Linux systems is discussed as well as considerations for hardening Windows systems. Several operating system-level tools are reviewed too. These basic tools are like a security administrator’s screwdriver and will be used again and again throughout the course of this book and your job.

Chapter 3: Firewalls

The basics of TCP/IP communications and how firewalls work are covered here before jumping into installing and setting up your own open source firewall.

Chapter 4: Port Scanners

This chapter delves deeper into the TCP/IP stack, especially the application layer and ports. It describes the installation and uses for a port scanner, which builds up to the next chapter.

Chapter 5: Vulnerability Scanners

This chapter details a tool that uses some of the earlier technology such as port scanning, but takes it a step further and actually tests the security of the open ports found. This security Swiss army knife will scan your whole network and give you a detailed report on any security holes that it finds.

Chapter 6: Network Sniffers

This chapter primarily deals with the lower levels of the OSI model and how to capture raw data off the wire. Many of the later tools use this basic technology, and it shows how sniffers can be used to diagnose all kinds of network issues in addition to tracking down security problems.

Chapter 7: Intrusion Detection Systems

A tool that uses the sniffer technology introduced in the previous chapter is used here to build a network intrusion detection system. Installation, maintenance, and optimal use are also discussed.

Chapter 8: Analysis and Management Tools

This chapter examines how to keep track of security data and log it efficiently for later review. It also looks at tools that help you analyze the security data and put it in a more usable format.

Chapter 9: Encryption Tools

Sending sensitive data over the Internet is a big concern these days, yet it is becoming more and more of a requirement. These tools will help you encrypt your communications and files with strong encryption as well as create IPsec VPNs.

Chapter 10: Wireless Tools

Wireless networks are becoming quite popular and the tools in this chapter will help you make sure that any wireless networks your company uses are secure and that there aren’t wireless LANs you don’t know about.

Chapter 11: Forensic Tools

The tools discussed in this chapter will help you investigate past break-ins and how to properly collect digital evidence.

Chapter 12: More On Open Source Software

Finally, this chapter will give you resources for finding out more about open source software. Various key Web sites, mailing lists, and other Internet-based resources are identified. Also, I give a number of ways to become more involved in the open source movement if you so desire.

Appendix A: Common Open Source Licenses

Contains the two main open source licenses, the GPL and BSD software licenses.

Appendix B: Basic Linux/UNIX Commands

Contains basic navigation and file manipulation commands for those new to UNIX and Linux.

Appendix C: Well-Known TCP/IP Port Numbers

Contains a listing of well-known port numbers as assigned by IANA. The list is not comprehensive and the assignments change constantly, so check the IANA Web site for the most current information.

Appendix D: General Permission and Waiver Form

Contains a template for getting permission to scan a third-party network (one that is not your own). This is intended to be used as an example only and is not intended as a legal document.

Appendix E: Nessus Plug-ins

Contains a partial listing of plug-ins for the Nessus Vulnerability Scanner discussed in Chapter 5. This listing will not be the most current since the plug-ins are updated daily. The Nessus Web site should be consulted for plug-ins added after January 12, 2004.

CD-ROM Contents and Organization

The CD-ROM that accompanies this book has most of the open source security tools on it for easy access and installation. The disk is organized into directories labeled by tool. If there are separate files for Windows and Linux, they will be in their own directories. The directory “Misc” has various drivers and other documentation such as RFCs that will be of general use through your reading.

Using the Tools

Whenever possible, the tools in this book are provided in Red Hat Package Manager (RPM) format. Of course, you don’t have to be running Red Hat Linux to use RPM. The Red Hat folks originally designed it, but now it comes with most Linux distributions. RPM automates the installation of a program and makes sure you have all the supporting programs it depends on. It is similar to a Windows installation process, where you are guided through the process graphically and prompted where necessary. Using the RPM is almost always preferable to doing a manual installation. When you need to set custom install parameters, or if an RPM file is not available for your distribution, I describe how to install the program manually. If the RPM file is provided, simply download the file or copy it from the CD-ROM that comes with this book and click on it. Your version of RPM will take care of the rest.

If you use another variant of UNIX (BSD, Solaris, HP-UX, and so on), most of the tools in this book will probably work, but the installation instructions may differ. Staying within the Linux family makes compatibility with the versions on the CD-ROM most likely; if you have to download a different version of a program, some of the features discussed may not be supported. If you are a Solaris aficionado or believe that BSD is the only way to go, feel free to use it as your security workstation, but be aware that the instructions in this book were written for a specific implementation and you may have to do some additional homework to get it to work. The platforms supported are listed at the beginning of each tool description.

Reference Installation

Most of the tools in this book were tested and reviewed on the following platforms:

  • Mandrake Linux 9.1 on a HP Vectra series PC and a Compaq Presario laptop.
  • Windows XP Pro and Windows 2000 Pro on a Compaq Prosignia series desktop and Compaq Armada laptop.

Input or Variables

In code and command examples, italics are used to designate user input. The words in italics should be replaced with the variables or values specific to your installation. Operating system-level commands appear like this:

ssh -l login hostname

Due to page size limits, code lines that wrap are indented with a small indent.

I hope you enjoy and learn from this book. There are many, many more tools that I couldn’t include due to space limitations, and I apologize in advance if I didn’t include your favorite tool. I had room to cover only my favorites and tried to pick the best of breed in each category. I’m sure some will differ with my choices; feel free to e-mail me at tony@howlett.org, and perhaps those will make it into a future edition.

Table of Contents

Preface.

Audience.

Contents.

CD-ROM Contents and Organization.

Tools Index.

1. Information Security and Open Source Software.

The Practice of Information Security.

The State of Computer Crime.

Info-Security Business Risks.

Open Source History.

Open Source Advantages.

When Open Source May Not Fit Your Needs.

Windows and Open Source.

Open Source Licenses.

2. Operating System Tools.

Hardening Your Security Tool System.

traceroute (UNIX) or tracert (Windows): Network Diagnostic Tools.

Considerations for Hardening Windows.

3. Firewalls.

Network Architecture Basics.

TCP/IP Networking.

Security Business Processes.

SmoothWall Hardware Requirements.

SmoothWall Express Versus SmoothWall Corporate.

Installing SmoothWall.

Administering the SmoothWall Firewall.

Creating a VPN on the SmoothWall Firewall.

Windows-Based Firewalls.

4. Port Scanners.

Overview of Port Scanners.

Considerations for Port Scanning.

Uses for Port Scanners.

5. Vulnerability Scanners.

Identifying Security Holes in Your Systems.

Vulnerability Scanners to the Rescue.

Considerations for Vulnerability Scanning.

What Vulnerability Testing Doesn’t Find.

6. Network Sniffers.

A Brief History of Ethernet.

Considerations for Network Sniffing.

TCP/IP Packet Headers.

7. Intrusion Detection Systems.

NIDS Signature Examples.

The Problem of NIDS False Positives.

Getting the Most Out of Your IDS.

Configuring Snort for Maximum Performance.

Host-Based Intrusion Detection.

8. Analysis and Management Tools.

Using Databases and Web Servers to Manage Your Security Data.

The Birth of an Open Source Project.

9. Encryption Tools.

Types of Encryption.

Virtual Private Networks.

10. Wireless Tools.

Wireless LAN Technology.

Dangers of Wireless LANs.

The “War-Driving” Phenomenon.

Performing a Wireless Network Security Assessment.

Steps for More Secure Wireless LANs.

11. Forensic Tools.

Uses for Computer Forensic Tools.

Building an Incident Response Plan.

Preparing for Good Forensic Data.

Where to Look for Forensic Data.

Tenets of Good Forensic Analysis.

Forensic Analysis Tools.

Reviewing Log Files.

Making Copies of Forensic Evidence.

12. More on Open Source Software.

Open Source Resources.

Joining the Open Source Movement.

More Open Source Security Tools.

Appendix A Open Source Licenses.

Appendix B Basic Linux/UNIX Commands.

Appendix C Well-Known TCP/IP Port Numbers.

Appendix D General Permission and Waiver Form.

Appendix E Nessus Plug-ins.

References.

Index.

Customer Reviews

4.5 out of 5 (2 reviews)
Guest, more than 1 year ago:

Tony Howlett has created a tome that is as valuable to the average overworked System Administrator as the Swiss Army knife was to MacGyver. If you want to start securing your servers and your network without spending a lot of money you need to leverage the open source community. In this _Practical Guide to Security Applications_ Tony Howlett introduces us to this large body of work in the public domain and gives us a guided tour of some of its best known tools. This book isn't going to do your work for you, but it is going to help identify some best-of-breed applications in the open source arena that will assist you in getting your job done. This book is applicable for the novice who wants some help getting their feet wet and is also good as a quick reference for those with some experience. There are many reasons to add this book to your library at work: the identification of both Windows and *nix open source applications; explanations of the different security tools; step-by-step installation and implementation of the tools. Although no one book will show you everything that you need to know to secure your network, this one by Howlett will help you to make educated choices about how you want to start monitoring the gates and mitigate the impact of their breach without throwing money at consultants.
Guest, more than 1 year ago:

Howlett spans both the unix/linux and Microsoft worlds in his offering of free, open source security programs. There really is a surprising amount of reliable, free packages out there, for you to bolt down your network. He shows this at the book's start, with a simple but very convenient table of tools, like Ethereal, finger, OpenSSH, PGP, Snort and traceroute. Many others are also listed. Several are available on both operating systems. Here, I consider all the unix/linux OSs as one, and likewise with Microsoft. The book can be regarded as a buildout of the table, explaining each tool's best usage, with examples and screen captures. But Howlett offers more than just an encyclopaedic reference approach to the tools. That's more of a bottom-up outlook. The book has a top-down view that starts with high level topics like firewalls and network sniffers and suggests how to understand the salient points. And thence use some tools optimised for these. In passing, when he talks about why a cracker might want to break into your system, even if you have nothing in it worthwhile to her, he understates the danger. If you have a machine with a broadband connection, then a cracker has an economic incentive to take it over. She can use it to transmit spam (especially the phishing variety) to other, larger networks. Because open relays are getting closed up, to prevent spam, some spammers are resorting to creating their own open relays, in this fashion. Howlett describes her using your system for DDoS attacks. But spam injection is actually a better reason, inasmuch as she can actually make money from this. Of course, this scarcely invalidates his text. If anything, it increases the need for it.