REVIEW: "The CERT Guide to System and Network Security Practices", Julia H. Allen
- BKCGSNSP.RVW 20010728
"The CERT Guide to System and Network Security Practices", Julia H.
Allen, 2001, 0-201-73723-X, U$39.99/C$59.95
%A Julia H. Allen
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%I Addison-Wesley Publishing Co.
%O U$39.99/C$59.95 416-447-5101 fax: 416-443-0948 bkexpress@...
%P 447 p.
%T "The CERT Guide to System and Network Security Practices"
The preface states that the intended audience for this work is the
mid-level system and network administrator. Actually, it uses the
plural, giving the first indication that this text is only intended
for those working in very large organizations. Chapter one is an
overview of the structure of the book, along with a listing of some
other resources, and a few general security definitions.
Part one deals with securing or hardening computers against attack.
Chapter two lists good practices for servers and workstations,
providing basic guidelines. There is something of a detailed
breakdown of these conventions, as well as considerations that might
be useful in policy discussions. However, these are not procedures,
and there is very little in the way of system detail. The reader is
advised to limit services running on computers. This is a good
practice, but there is nothing to indicate how to find out what
services are running, nor how to limit or eliminate them once they are
found. A number of assumptions have been implicitly made, for example
about centralized administration policy, so even the material that is
included may not be suitable for all environments. The explanations
are reasonable, but rather pedestrian, and there is a great deal of
duplication of material (the sections dealing with limiting services
running on servers and workstations, for example, are almost
identical). Much the same is true of securing public web servers, in
chapter three. Some material is quite specific (specifying the Common
Log Format, CLF, for activity files) while other recommendations are
vague. Deploying firewalls, in chapter four, is a bit different, in
that it does contain some explanation of firewall types and
architectures. Unfortunately, this text is very brief, and is padded
out with unilluminating illustrations.
Part two examines intrusion detection practices. Chapter five covers
the preparation and setup of intrusion detection, chapter six the
actual detection of intrusions, and chapter seven outlines responses
to intrusions. Overall, part two is more useful than part one, since
intrusion detection is a newer field, and general concepts are still
helpful even if specific details are lacking.
Given the complaints I have made about the lack of details, some will
respond that I have, heretofore, ignored the fact that there are two
appendices in the book, dealing with security implementations and
practices. True, these documents exist. In terms of the security
implementations, if you are using Solaris 2.x, Tripwire, Logsurfer,
and Snort, the additional material may be very useful. Otherwise, it
still doesn't address the lack of specifics in the book.
This work does provide the security specialist, faced with
responsibility for policy creation or maintenance, a handy set of
checklists and some framework for the policy process. Use of the text
will help remind the professional of areas to be addressed, and
prevent certain aspects from slipping between the cracks. The
advanced and experienced system administrator may also benefit from
the volume, since he or she will likely already know system specifics
for a number of the functions required, and probably has some idea of
where to find information about others. However, intermediate
sysadmins, with an "engineer" level certificate and a few years' work
experience, are unlikely to know the details of security operations
that have, usually, been seen as a specialty area. Therefore, the
audience which will find this book to be useful is a rather narrow
copyright Robert M. Slade, 2001 BKCGSNSP.RVW 20010728
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade