[ale] Shipping Real World Linux Security

Wandered Inn esoteric at denali.atlnet.com
Tue Dec 12 07:46:17 EST 2000


Bob's ALE Mail wrote:
>  
> Geoffrey, thanks for this excellent question.  I apologize that it has
> taken this long to reply.  (Please disregard my previous posting on this;
> I was editing when my finger slipped.)
> 
> > Linux Firewalls - Ziegler
> 
> This is a good book and gives far more details on firewalls than my book
> does, though mine takes the reader through the most common firewall
> configurations, including the use of a DMZ.  I recommend it in my book.
> A single home Linux system has no use for a separate firewall.

I don't know about this.  Although the reason I have taken the approach
I have is because I work from home, consequently, I've got more 'up time'
as well as more to protect.  I do have a setup similar to one of
Ziegler's examples which includes a bastion/choke combination.

The way I look at it, if you appear over secure, the cracker will move
on to an easier victim.  Kinda like the guy trolling a parking lot for a
car to steal.  He's going to walk right past the one that has the 'club'
on the steering wheel and warning stickers that say the car has an alarm
system and lojack.

> 
> It's unfortunate, though, that there has been so much hype about firewalls
> that most people think they are all that you need.  In my book I explain
> crackers' common techniques for "tunneling through almost all firewalls"
> and ways to do "end runs" around any of them.

Excellent point, and one I don't find often addressed.

> > Building Internet Firewalls - Zwicky, Cooper, Chapman
> 
> As I recall this is half on UNIX firewalls and half on NT firewalls.  Since
> I, like many others involved in security, consider NT to be too full of
> security bugs and design flaws to be taken seriously as a secure system
> and because the book is on Linux and UNIX, I'm not too interested in this
> book and I cannot recommend it for Linux and UNIX SysAdmins.  For those who
> want to deploy NT firewalls, I hear that it is a good book.

Well, I've found it a bit useful from the Unix perspective, but I don't
know that it provides a lot more than Ziegler's book, just in a
different way.  One thing about Ziegler's book is that it provides the
actual chains.  I've not read BIF completely, but used it primarily as a
reference.  The book is large, because of the coverage of both NT and
UNIX.

> 
> > Maximum Linux Security - Anonymous
> 
> This certainly is direct competition for my book.  I have a copy for
> my research as I do the other books mentioned and many others.
> 
> How does mine differ?
> 
> Frankly Maximum Linux Security (MLS) is mostly about how to break into
> other people's systems and provides far less useful information about how a
> SysAdmin can protect his system against break-in.  First and most obviously,
> a large portion of MLS seems to be comprised of "fluff" or "filler", i.e.,
> information that is not of any use and which I do not find particularly
> interesting.

I agree with you on this one, although I did find it a good book from a
reference perspective.  You can take much of what is related from a
cracker's perspective and turn it around and use it from a security
perspective.

> 
> For example, it has too many pages of unneeded printout, portions from
> man pages, and similar information easily obtained from one's system.

I would agree.  This book is much larger than it needed to be.

> In my opinion, Anonymous clearly has very limited SysAdmin experience; 

I would tend to agree.


All in all, I'll be getting a copy of your book.  Thanks for the
treatise.

--
Until later: Geoffrey		esoteric at denali.atlnet.com

"Great spirits have always found violent opposition from mediocre minds.
The latter cannot understand it when a man does not thoughtlessly submit to
hereditary prejudices but honestly and courageously uses his
intelligence."
- Albert Einstein