O’Reilly news

Expert Recipes to Bolster Security: O'Reilly Releases "Linux Security Cookbook"

June 18, 2003

Sebastopol, CA--Recipes for security? The mere suggestion would raise a few skeptical eyebrows among security experts. For computer security is not a simple matter; it is, rather, an ongoing process, a relentless contest between system administrators and intruders. A good administrator needs to stay one step ahead of any adversaries, which often involves a continuing process of education. But if you're well grounded in the basics of security, you won't necessarily want a complete treatise on the subject each time you pick up a book. Sometimes you'll want to get straight to the point. That's exactly what the new Linux Security Cookbook by Daniel J. Barrett, Richard E. Silverman, and Robert G. Byrnes (O'Reilly, US $39.95) will help readers do. Rather than provide a total security solution for Linux computers, the authors present a series of easy-to-follow recipes--short, focused pieces of code that administrators can use to improve security and perform common tasks securely.

The "Linux Security Cookbook" is a repository of useful and important recipes to be used within a well thought-out security policy. "Security tools often have numerous options, configuration parameters, and so forth, requiring the reader to dig through documentation," notes coauthor Barrett. "The cookbook format provides a shortcut, presenting the precise syntax needed for common, important security tasks."

"The 'Linux Security Cookbook' is accessible, without being simplistic, which would be especially dangerous for security," adds Byrnes. "The effectiveness of a security solution is only as good as the weakest link.

"There's a vast literature dedicated to computer security, but that can be daunting for anyone who is trying to find a way to get started," Byrnes adds. "There are also a lot of products that purport to offer 'security in a box,' but those never work because you can't just set up a firewall or intrusion detection system and think that your security problems are over. We offer specific recipes that are useful as both standard operating procedure as well a learning tools, and we tell people how to learn more."

The "Linux Security Cookbook" includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a web server, preventing IP spoofing, setting up key-based SSH authentication, and much more. With more than 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax.

The book begins with recipes devised to establish a secure system, then moves on to secure day-to-day practices, and concludes with techniques to help a system stay secure.

Some of the recipes in the "Linux Security Cookbook" are:

  • Controlling access to your system at various levels, from your firewall down to individual services, using iptables, ipchains, xinetd, inetd, and more

  • Monitoring your network with ethereal, dsniff, netstat, and other tools

  • Protecting network connections with SSH and SSL

  • Detecting intrusions with tripwire, snort, tcpdump, logwatch, and more

  • Securing authentication with cryptographic keys, Kerberos, and PAM, and authorizing root privileges with sudo

  • Encrypting files and email messages with GnuPG

  • Probing your own security with password crackers, nmap, and handy scripts

This cookbook's proven techniques are derived from hard-won experience. Whether readers are responsible for security on a home Linux system or for a large corporation, or somewhere in between, they'll find valuable, to-the-point, practical recipes for dealing with everyday security issues.

Praise for the "Linux Security Cookbook":

"An outstanding, functional collection of the most recent tools for the safe running of your Linux systems."
--Sandra O'Brien, Security consultant, Keynote Security, LLC

"This book is useful for the beginner learning practical tasks, and for the professional who wants to look up something done long ago. I like the concise style covering most of the everyday technical work in security administration."
--Klaus Miller, DFN-CERT GmbH

Additional Resources:

Linux Security Cookbook
Daniel J. Barrett, Richard E. Silverman, and Robert G. Byrnes
ISBN 0-596-00391-9, 311 pages, $39.95 (US), $61.95 (CAN), 28.50 (UK)
1-800-998-9938; 1-707-827-7000

About O’Reilly

O’Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O’Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying “faint signals” from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.

Email a link to this press release