Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."
Linux security is an important topic, but one which is frequently overlooked by busy system administators. Yet with both the Internet and Linux continuing to grow in popularity, the security of Linux in the network has never been more important.
In 2005 I wrote a well-received book on the subject, which attempted to provide a comprehensive guide to securing a Linux server on a network - be it a LAN or the Internet. With the original publisher now defunct I've decided to make the full book available online on my website.
Of course, things have changed a lot since 2005. Back then the 2.4 kernel series was still in widespread use, with many administrators sticking with ipchains rather than the newer iptables. As such the book spends some time looking at the basics of iptables, and two of the appendixes are devoted to security/networking features of the 'new' 2.6 kernel. Similarly, the second chapter - which looks in detail at DoS and TCP/IP attacks against Linux - feels a little dated now: smurf attacks are so last millenium, while Kevin Mitnick's famous TCP/IP spoofing attack on Tsutomu Shimomura belongs to a golden era which suddenly seems very long ago. Still, there is plenty of technical information in this chapter for the curious, and many of the attacks (in particular SYN flooding and packet sniffing on switched LANs) still exist today, albeit in slightly modified form.
Linux security isn't just about hardening your Internet-facing network against script kiddies. Many intrusions are 'inside jobs', and the book spends a significant amount of time looking at physical security and the LAN - in particular packet sniffing, ARP spoofing, and Ethernet. The sections on packet filtering and network topologies also avoid the trap of thinking that only public-facing devices are at risk, and instead describe a network resilient to abuse from both the inside and the outside.
Most of the book is aimed at intermediate level users; for instance, a whole chapter is devoted to basics such as sudo, turning off unnecessary services, user permissions, strong passwords and PAM; while another chapter takes you though network analysis tools such as namp, nessus and nikto. However, my favorite parts of the book are those which stray into more advance subjects: early on you'll find a few pages devoted to how buffer overflow attacks work, while later sections look at techniques to protect against them. You'll also learn how systrace can be used to tightly control the system calls that an application may make, and how more advanced levels of access control can be implemented through LIDS, grsecurity, and SELinux (which was also in its infancy when the book was written).
Although Linux security has evolved a lot in the past 8 years - for instance, WiFI is only covered briefly, and web exploits are not mentioned at all (although it could be argued that most of these are attacks against the application stack rather than Linux itself) - many issues remain as relevant today as they did back then, and Linux Network Security provides plenty of useful information for the system administrator and home user.
About the Author
Peter Smith is a Linux consultant and web developer from the UK. For the past 15 years he has been helping clients across the world with issues as diverse as spam filtering, security auditing, perl scripting and server management. In recent years LAMP performance has become one of his main interests, and culminated in the release of his second book, Professional Website Performance in 2012.
The link for this article located at Peter Smith is no longer available.