February 1, 2005
"Linux Server Security": Beyond the Patch Rat Race--Tools and Best Practices for Bastion Hosts
Sebastopol, CA--Most people agree that a sufficiently skilled and
determined attacker can compromise almost any system, even if you've
carefully considered and planned against likely attack vectors. "It
therefore follows," observes Michael D. "Mick" Bauer, author of Linux
Server Security (O'Reilly, US $44.95), "that if you don't plan for even
the most plausible and likely threats to a given system's security, that
system will be particularly vulnerable." Considering, however, that most
servers experience casual probe attempts dozens of times each day and
serious break-in attempts occur with regular frequency, planning for
"likely" threats will seldom be enough.
"The recent, unprecedented growth in automated attacks, especially in the
form of worms, viruses, and Trojans, has really amplified the
ramifications of system vulnerabilities," notes Bauer. "Since these crop
up relentlessly and unpredictably, it's more important than ever that any
Internet-connected Linux system be not only patched, but very carefully
configured to contain both anticipated and unanticipated security failures.
"Put another way," Bauer adds, "the bad news is that the patch rat race is
futile, and sooner or later your system will be exposed to an unpatched
security hole; the good news is that there are lots of other things you
can do to prevent one hole being used to compromise your entire system.
My book explains what those techniques are and how to use them."
Bauer, who is a security consultant, network architect, and lead author of
the popular Paranoid Penguin column in "Linux Journal," carefully outlines
security risks, defines precautions that can minimize those risks, and
offers recipes for robust security. He is joined on several chapters by
administrator and developer Bill Lubanovic.
Linux Server Security combines practical advice with a firm knowledge of
the technical tools needed to ensure server security. The book focuses on
the most common use of Linux--as a hub offering services to an
organization or the Internet--and shows readers how to harden their hosts
against attacks. It's a unique but much needed approach, as Bauer
explains: "Most of the books on Linux security are either very broad,
touching on many different security concepts but lacking detailed
procedures for how to secure things. Or they're focused on possible
attacks and how they work, rather than on detailed defensive techniques.
It seemed to me that what the world needed was a step-by-step manual for
securing Internet-connected Linux servers, both at the Operating System
level and at the application level. Naturally, I couldn't cover all
possible applications or usage-scenarios, but my book covers popular
applications in a number of different spaces: DNS, SMTP, FTP, WWW,
remote administration, etc., and in most of these spaces I cover more
than one application."
This new edition of Linux Server Security, originally titled Building
Secure Servers with Linux, covers a number of new security topics,
Database security, with a focus on MySQL
The use of OpenLDAP for authentication
An introduction to email encryption
The Cyrus IMAP server, a popular mail delivery agent
The vsftpd FTP server
Beginning with the fundamentals, Linux Server Security explains security
concepts and techniques in clear language, so that Linux users with
minimal knowledge of security will be able to grasp and apply its lessons.
The book provides a unique blend of "big picture" principles that
transcend specific software packages and version numbers, and practical
procedures for securing some of those software packages on several popular
distributions. With this book in hand, Linux administrators will have
everything they need to ensure the robust security of their Linux systems.
Praise for the previous edition, Building Secure Servers with Linux:
"From the author of Linux Journal's 'Paranoid Penguin' column comes what
may be the best-ever, common sense guide to securing network attached
Linux servers. While Bauer admits that the only true way to secure a
server is by disconnecting it and powering it down, he writes for those
who must maintain always-on, connected servers (and for whom other
suggested securing techniques such as drive degaussing and pulverizing are
simply out of the question)...The concepts and methods applied in this
book give the Linux Administrator not only a wonderful guide to the
intricacies of systems security, but also a conceptual toolbox and a deep
understanding of common sense security techniques. Recommended."
--Wayne Bridges, Kickstartnews.com
"Of particular interest to admins of larger and/or more complex networks
is the discussion on how to assess the most vulnerable part of your
network in order to prioritize the process of securing it...Look at the
table of contents. Each subject mentioned therein is dealt with clearly,
consistently, and comprehensively. Read the preface and back cover.
Everything promised is fulfilled within the book. They also provide an
excellent guide as to whether the information you are looking for is
contained within. If that's the case, I recommend this book."
--Helen McManus, LinuxChix
"Building Secure Servers with Linux really does provide an excellent
practical guide to best practices for secure hosts. Anyone seeking to set
up any manner of internet service would be well advised to start here."
--Martin Howse, Linux User & Developer, Issue 26
Further reviews of the first edition can be found here.
Linux Server Security, Second Edition
Michael D. Bauer
ISBN: 0-596-00670-5, 522 pages, $44.95 US, $65.95 CA
O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.
Return to: O'Reilly Press Room
Recent Press Releases
Press Release Archive »
Media Relations - North America
Media Relations - Germany
Media Relations - Japan
Media Relations - United Kingdom
Media Relations - Conferences