

Linux Server Security: Tools & Best Practices for Bastion Hosts
!**R
Not Focused
I read every column of Paranoid Penguin and they are quite good. This book is ok, but not great. They (I mean they because several chapters are not by Mike) try to cover a huge amount of information and make the mistake of being both too broad in some areas and too specific in others. Overall, there wasn't a cohesive glue to bring the chapters together into a single vision.
For instance, for a book that introduces FTP servers, web servers, mail (imap/smtp), dns - they are like separate entities. They do not complete the picture by showing a complete network diagram with IDS / VPN, -- showing an example of all of their advice coming together in a working solution. And Kerberos isn't even mentioned.
They were extremely specific in some areas like talking about rpm example/debian/ make options and specific .conf options ad nauseam - which detracted from the whole picture. Is someone securing bind 4 really reading this book? Also, maybe a mention of apt-get - - but don't tell me how to install each package on every architecture - it just inflates the word count.
I don't think this book was focused enough in the 'big picture' of trying to piece together all of the tiny pieces into a coherent whole, while at the same time it gets caught up in the minute details of certain packages making for a tough read.
Perhaps they could have included an actual example company or two showing possible layouts of ldap in action with: login/mail/split-dns/firewalls/database$web.
Anyone for OpenBSD?
5**C
Great book for school!
Great book for school!
L**.
For sys admins
Linux Server Security, Second Edition
By Michael D. Bauer
Second Edition January 2005
ISBN: 0-596-00670-5
544 pages, $44.95 US
(...)
This book goes along with the moving trend of the normal computer user, securing your data. Servers generally are targeted more often than the average home PC because most are made to be accessible from the outside world. This is where securing that server comes into play. This book covers the tools and techniques to securing your Bastion host.
First I'd like to start out and explain what Bastion host means according to this book so you can understand what this book covers more specifically. Bastion Host is defined as "A system that runs publicly accessible services but is usually not itself a firewall. Bastion hosts are what we put on DMZ (although they can be put anywhere). The term implies that a certain amount of system hardening has been done, but sadly, this is not always the case."
After you understand what a Bastion host is defined as, you should understand that this book mainly covers these server daemons and the systems that run them. But some of the information applies to a Linux desktop system such as a per host iptables firewall, using secure shell, keeping up with your logs, and intrusion detection. Most of these things the average user doesn't care much about but sometimes being paranoid comes in handy.
Someone who would most likely use this book more than the average desktop user would probably be a system administrator. Securing web, database, ftp, dns, and email servers is what the majority of this book contains. Along with covering these server systems, there are guides to securing the Linux system that runs these daemons along with designing the networks around these types of hosts.
One of the sections I'm most fond of is Chapter 2: Designing Perimeter Networks. With this section you can really take a look at the design and layout of the different types of networks and figure out the portions that suit your needs for your own network. The diagrams shown in this chapter help explain what is going on with the traffic and allow you to see exactly what is going on and at what points the systems are protected.
At the end of the book there are 2 well commented iptables firewall scripts that allow you to get a feel for the netfilter iptables system if you're not familiar with it already. With some modification of these scripts you can easily bring them into a working environment depending on your situation, which sometimes helps with some of the frustration with the iptables syntax. I personally prefer the PF system within OpenBSD for its clean syntax and have grown away from iptables, but both are powerful firewall systems and should fit the needs of your network.
I'd definitely recommend this book to system admins or anyone who is paranoid about their security. Security is always something that people should be educated about.
Lloyd Randall
Pensacola Linux User's Group
J**N
Solid, but perhaps too broad
This is a somewhat high level walkthrough of all Linux related security issues, from basic networking and operating system issues, to web server configuration and scripting language security. At about 500 pages that's a tight squeeze, even for O'Reilly. Some of the coverage suffers, specifically I found the security information on PHP to be very scanty given the popularity of the language and how often web applications that use it are fraught with SQL injection vulnerabilities.
That being said, the writing is excellent, and the coverage that is there, which is at a reasonable level of depth, is solid. In addition, security is something you have to work at, so having an introduction to get you down the road is probably a good idea anyway. I'd like to see the next version have deeper information on web server security, but in the meantime this is a solid walkthrough of Linux security.
W**E
best practices
The book plays to Linux's strengths on server side computing. Where the server controls a subnet of computers that depend on it to connect them to the Internet, or for other resources. Bauer emphasises throughout how to secure the server. Starting with a top down risk analysis and a designing of a perimeter network; typically a DMZ. So he carefully suggests what belongs in the DMZ and what belongs behind it.
He deprecates cleartext network communication, in favour of ssh and SSL for remote access. The book has concise explanations of various intrusion detection systems like Nessus and Vlad. Though perhaps if you do decide on using Nessus, you may also want to consult books devoted to it.
Overall, the book is a sobering and cautionary tale of current computing. With the best practices recommended here, you can remain reasonably secure.
C**T
Excellent book
I bought this book because I wanted more information about IP tables and it had information about everything else I needed to know (Snort, tripwire, etc).
It's well written in a nice writing style that is an easy read. I would recommend this not just for server security but for anyone who is running Linux and wants to get clued up about an interesting topic.
It was a good purchase, well worth the money, and all the info is still relevant in 2013.
C**.
An excellent guide, despite its age
It contains everything needed to manage the security of a single server and, despite the time that has passed since its release (around 2005), a good part of the packages and commands shown are still in use or still maintained. This guide does not cover some of the more recent additions in certain distributions, for example firewalld, but if you pay attention to the details and to the changes that have taken place, it remains an excellent starting point that also presents some aspects that are not exactly obvious to a system administrator, such as estimating the risks and the economic cost of a successfully completed attack.
E**U
High cost in Spanish
The book is quite good and up to date; it's a pity that buying it in Spanish is much, much more expensive.
A**E
Everything great
Everything great
M**N
Recommended
Very good book with practical advice on securing Linux servers and various services.
My copy is marked up with bookmarks and highlighted passages for quickly handling the administration tasks that come up from time to time.