Security has always been a concern when using a computer. First, we thought physical security was enough. After all, if the computer is in the house, how could anyone else get to it? But in today’s world, many of us live with our computers on-line twenty-four/seven. Security is not just loading up the latest protection software, but being aware of how the “bad guys" attack. Good security also requires vigilant testing and, since no one wants to simply issue a challenge to the “bad guys" and see what happens—they don’t typically fill out trouble tickets—we need to use tools that can simulate these attacks.
It would also be helpful to know what to do after a vulnerability has been identified. O’Reilly Media, Inc. has provided us with an excellent collection of security tools in an appropriately titled book—Security Power Tools. Over twelve authors have collaborated to cover this topic thoroughly. With a peer group such as this, you know they had to defend their choice of tools as the best ones for the job. These authors have a great deal of experience and know their tools. They use them in their daily work and bring their personal experiences to each chapter.
The book’s cover
The first impression of the book? This book is huge! It is going to take quite awhile to appreciate all the tips and pointers given. But knowing that these tools have been identified and collected into one place, even though it’s a big place, makes the issue of security seem more manageable. Security is a workable topic and not something to be feared. Reading through the first chapter on legal and ethics issues was quite encouraging. Sometimes lawyers, just like us tech folks, speak in a language all of their own. But the writing here is quite clear and actually interesting to read. The chapter will help you identify when it’s time to seek proper council and that was encouraging as well.
Some of the other chapters will not give you this warm and fuzzy level of comfort though. Some of the discussions on system penetration, exploitation, back-doors and root-kits were not comforting to read at all! But when you move on to the section on defense, you will discover topics with words in the titles like: proactive, securing, hardening, and anti-spam. I was quite happy and encouraged once again.
“This is not a simpleton’s instruction manual."
The book really does cover an amazing amount of ground. Inside the 856 pages are twenty three chapters grouped into sections covering: legal and ethics, reconnaissance, penetration, control, defense, monitoring and discovery. Each chapter is typically written by one or two authors and will reflect those authors style. There are coding examples, screen captures, command line instructions and a good deal of commentary included. All these things work together to give you a very clear picture of the information being presented. For such a physically large book, it lays open easily and is good to work with on a desk. The length and width of the book are a standard 9.25" x 7" (23.5cm x 17.8cm) respectively, but the thickness is almost 2" (5cm). Don’t drop this book on your toe!
Who’s this book for?
There are a lot of different tools discussed. Different tools for different jobs. But in order to keep the size of the book small enough to still be considered portable, without mechanical assistance, assumptions have to be made. Specifically, the assumption that you know the basics and are looking for more specific details about what needs to be done and how to do it. If you are responsible for the security of your systems, you should have this book. Even if some of the tools are familiar, you will benefit from knowing how other people use them and may find a new use for those same tools. If you are simply concerned about security in general, this book might help you when discussing threats and solutions with your peers. Security may not be your main job, you might work in a small company without clearly identified job descriptions. Using this book could make you the hero if you can not only identify weaknesses but offer solutions as well. Perhaps you outsource your IT help. Using some of these tools to test your current system will help you identify where they need to be strengthening your defenses. Finally, if you’ve never thought about security before and have no interest in learning then this book might make a good gift to give to someone else. Regardless, it is a big enough book to have something in it for everyone.
Relevance to free software
This book covers the major operating systems: Windows, GNU/Linux, Mac OS, Unix, and a few others. There are proprietary tools that are reviewed and recommended. After all, the book is written about security. Free software proponents will be proud at the list of tools covered though. When a “free" tool is the best one, it is given proper credit as such. But don’t gloat if a particular vulnerability is talked about in someone else’s OS. Stick to the high road and realize that security is something everybody needs more of, your systems included. When I think about how many people and how many systems have access to and copies of my personal information, I really want every system to be more secure regardless of the operating system.
Knowing how to protect your self, your computer, and your freedom is essential to keeping those very same things alive. As a user of free software, you will win more friends by offering solutions to problems. After your new friends realize how you helped protect their systems once, they will be more receptive to being “helped" again. This is when you can plant the seeds of freedom and start opening their eyes to a better, more secure, way of doing business.
The “bad guys" stay up late reading too
This book brings many topics and many tools together. It is a collection of solutions brought together by competent professionals who rely on these tools in their work. Trial and error is a dangerous way to learn about security issues. Here is a book that can identify not only your systems’ weaknesses, but it can help you strengthen the systems as well.
Once again, ignorance is bliss. I had no idea how simple, nor how clever, some of these security attacks could be. Awareness of the problems will be forcing me to change some habits. My blissful state has slipped a little thanks to this book, but the security of my systems has increased.
||Security Power Tools
||Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, Philippe Biondi
|Over all score