|
 |
|
 |
 |
The CERT(R) Guide to System and Network Security Practices (The SEI Series in Software...
|
by Julia H. Allen
Sales Rank: 183498
|
List Price: $39.99
$32.60
At Amazon
|
|
Paperback: 480 pages
Publisher: Addison-Wesley Professional June 17, 2001
Language: English
ISBN-10: 020173723X
ISBN-13: 978-0201737233
Product Dimensions:
9.2 x 7.4 x 1.2 inches
Shipping Weight: 1.8 pounds
Product Review
Black-hat hackers--that is, malicious people who want to break into your networks and machines--are proliferating, it's true. But the number of systems available for them to attack is growing at an even faster clip, which means you can head off a lot of attacks on your Internet-connected resources by following the advice in The CERT Guide to System and Network Security Practices. Julia Allen has distilled a series of "best practices" documents from the CERT Coordination Center (a clearing-house for information about computer attacks) into readily absorbable advice on computer security. She shows how to configure systems for inherent resistance to attack, how to set up logs and intrusion detection tools as early and reliable tripwires, and, to a lesser extent, how to deal with an attack in progress.
Allen's approach is not focused on the details of particular operating systems, applications, or items of equipment, though she does include some such information in a sizable appendix. Most of the time, procedural outlines are phrased generically ("Disable the serving of Web server file directory listings"). It's up to you to figure out what the steps mean, specifically, in terms of your hardware and software. The advice is carefully researched and therefore valuable. If implemented carefully, Allen's recommended practices should deter all but the most determined hackers from harassing your systems. --David Wall
Topics covered: Techniques for hardening computers and networks against compromise by malice-minded hackers, detecting break-ins and other attacks when they occur, and designing security policies to minimize potential damage. Specific advice has to do with locked-down workstations, servers in DMZs, firewalls, and intrusion detection utilities.
Book Info
(Cert Books) Guide to protecting systems and networks from compromise, for system administrators. Covers two main issues: dealing with and hardening security systems, and intrusion protection and response. Covers up to 80 percent of the security incidents reported to the CERT/CC. Softcover. DLC: Computer security.
Customer Reviews & Comments
This book contains a security approach that is based on the collective experience and statistical analysis of the CERT Coordination Center. The contents of this book are authoritative and well structured. Structure is based on a five layer (or step) approach to securing information assets that consists of 52 distinct practices. The layers correspond to stages in a process that encompasses (1) hardening and securing assets, (2) developing and implementing detection and response practices [prepare], (3) intrusion detection, (4) intrusion response and (5) improve. Hardening and securing assets consumes nearly the first half of the book. The practices systematically address the essentials for securing servers and workstations, web servers and firewalls. Every facet is addressed from configuration advice to specific exposures. These are the minimum practices that need to be in place and if these practices are implemented and actively managed approximately 80% of common exposures will be eliminated. The remainder of the book leads you through setting up intrusion detection and response practices (including an excellent set of steps and considerations for establishing policies and procedures), how to detect signs of intrusion and how to assess the impact of the intrusion and respond appropriately. Two highlights are the appendices. Appendix A covers in great detail some of the finer points of securing Solaris 2.x (you will need to tailor this information for HP/UX, Linux and AIX). The reason Solaris is chosen is because it is one of the most widely used operating systems on the Internet. Among the finer points are: installing and configuring Tripwire, SSH, Logsurfer, Spar and Tcpdump; understanding system log files, and writing rrules and understanding alerts for Snort. URLs are provided to sites from which you can obtain the third-party security facilities, such as Tripwire, Logsurfer, etc. Appendix B is a concordance of practices and how they should map to a comprehensive security policy. This is especially valuable because you can check your own policies against each of the 52 practices to make sure all are covered in your security policy. This book is an important work that is an essential reference for anyone who is responsible for security. This responsibility extends beyond the role of security officer or team member into architecture, network operations and production support (to name a few areas that need to be closely involved). The book will give you the foundation for an effective, responsive security program, but needs to be augmented by keeping up with trends and emerging threats and exposures. To this end the URLs to CERT/CC and other security-related sites are a necessary adjunct to this book. It merits 5 stars and my rare recommendation as a "must have".
Comment | Permalink |
(Report this)
|
The CERT(R) Guide to System and Network Security Practices (The SEI Series in Software...
List Price: $39.99
Available from Amazon
Price: $32.60
| |
|
|
|
|
