Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "The CERT Guide to System and Network Security Practices", Julia H. Allen

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKCGSNSP.RVW 20010728 The CERT Guide to System and Network Security Practices , Julia H. Allen, 2001, 0-201-73723-X, U$39.99/C$59.95 %A Julia H. Allen %C
    Message 1 of 1 , Oct 10, 2001
      BKCGSNSP.RVW 20010728

      "The CERT Guide to System and Network Security Practices", Julia H.
      Allen, 2001, 0-201-73723-X, U$39.99/C$59.95
      %A Julia H. Allen
      %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
      %D 2001
      %G 0-201-73723-X
      %I Addison-Wesley Publishing Co.
      %O U$39.99/C$59.95 416-447-5101 fax: 416-443-0948 bkexpress@...
      %P 447 p.
      %T "The CERT Guide to System and Network Security Practices"

      The preface states that the intended audience for this work is the
      mid-level system and network administrator. Actually, it uses the
      plural, giving the first indication that this text is only intended
      for those working in very large organizations. Chapter one is an
      overview of the structure of the book, along with a listing of some
      other resources, and a few general security definitions.

      Part one deals with securing or hardening computers against attack.
      Chapter two lists good practices for servers and workstations,
      providing basic guidelines. There is something of a detailed
      breakdown of these conventions, as well as considerations that might
      be useful in policy discussions. However, these are not procedures,
      and there is very little in the way of system detail. The reader is
      advised to limit services running on computers. This is a good
      practice, but there is nothing to indicate how to find out what
      services are running, nor how to limit or eliminate them once they are
      found. A number of assumptions have been implicitly made, for example
      about centralized administration policy, so even the material that is
      included may not be suitable for all environments. The explanations
      are reasonable, but rather pedestrian, and there is a great deal of
      duplication of material (the sections dealing with limiting services
      running on servers and workstations, for example, are almost
      identical.) Much the same is true of securing public web servers, in
      chapter three. Some material is quite specific (specifying the Common
      Log Format, CLF, for activity files) while other recommendations are
      vague. Deploying firewalls, in chapter four, is a bit different, in
      that it does contain some explanation of firewall types and
      architectures. Unfortunately, this text is very brief, and is padded
      out with unilluminating illustrations.

      Part two examines intrusion detection practices. Chapter five covers
      the preparation and setup of intrusion detection, chapter six the
      actual detection of intrusions, and chapter seven outlines responses
      to intrusions. Overall, part two is more useful than part one, since
      intrusion detection is a newer field, and general concepts are still
      helpful even if specific details are lacking.

      Given the complaints I have made about the lack of details, some will
      respond that I have, heretofore, ignored the fact that there are two
      appendices in the book, dealing with security implementations and
      practices. True, these documents exist. In terms of the security
      implementations, if you are using Solaris 2.x, Tripwire, Logsurfer,
      and Snort, the additional material may be very useful. Otherwise, it
      still doesn't address the lack of specifics in the book.

      This work does provide the security specialist, faced with
      responsibility for policy creation or maintenance, a handy set of
      checklists and some framework for the policy process. Use of the text
      will help remind the professional of areas to be addressed, and
      prevent certain aspects from slipping between the cracks. The
      advanced and experienced system administrator may also benefit from
      the volume, since he or she will likely already know system specifics
      for a number of the functions required, and probably has some idea of
      where to find information about others. However, intermediate
      sysadmins, with an "engineer" level certificate and a few years' work
      experience, are unlikely to know the details of security operations
      that have, usually, been seen as a specialty area. Therefore, the
      audience which will find this book to be useful is a rather narrow

      copyright Robert M. Slade, 2001 BKCGSNSP.RVW 20010728

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Inside some of us is a thin person struggling to get out,
      but he can usually be sedated with a few pieces of chocolate cake.
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.