The CERT Guide to System and Network Security Practices - Softcover

Review

Black-hat hackers--that is, malicious people who want to break into your networks and machines--are proliferating. The CERT Guide to System and Network Security Practices aims to help you head off attacks on your Internet-connected resources before they occur. Julia Allen has distilled a series of "best practices" documents from the CERT Coordination Centre (a clearinghouse for information about computer attacks) into readily absorbable advice on computer security. She shows how to configure systems for inherent resistance to attack, how to set up logs and intrusion detection tools as early and reliable "tripwires" and, to a lesser extent, how to deal with an attack in progress.

Allen's approach is not focused on the details of particular operating systems, applications or items of equipment, though she does include such information in a sizable appendix. Most of the time, procedural outlines are phrased generically ("Disable the serving of Web server file directory listings"). It's up to you to figure out what the steps mean, specifically, in terms of your hardware and software. The advice is carefully researched and therefore valuable. If implemented carefully, Allen's recommended practices should deter all but the most determined hackers from harassing your systems. --David Wall

Topics covered: Techniques for hardening computers and networks against compromise by malice-minded hackers, detecting break-ins and other attacks when they occur and designing security policies to minimise potential damage. Specific advice has to do with locked-down workstations, servers in DMZs, firewalls and intrusion detection utilities.

From the Back Cover

As the Internet and other information infrastructures have become larger, more complex, and more interdependent, unauthorized intrusions into computer systems and networks have become more frequent and more severe. It is increasingly critical that an organization secure the systems it connects to public networks. The CERT Coordination Center ®, the first computer security response group, was established to help systems administrators meet these challenges by publishing advisories and developing key security practices, implementations, and tech tips on a timely basis. The CERT ® Guide to System and Network Security makes these practices and implementations available for the first time in book form.

With a practical, stepwise approach, the book shows administrators how to protect systems and networks against malicious and inadvertent compromise. If you are installing, configuring, operating, or maintaining systems or networks--or managing any of those functions--you will find here easy-to-implement guidance to protect your information infrastructure. The practices are platform- and operating-system independent; however, several procedural and tool-based implementations are provided to illustrate the technology-specific guidance that is freely available from the CERT Web site (www.cert.org).

The book is divided into two main parts, the first dealing with hardening and securing your system--preventing problems in the first place. The second part covers intrusion detection and response, recognizing that even the most secure networks and systems cannot protect against every conceivable threat. The practices selected for the book are based on CERT's extensive data on security breaches and vulnerabilities, providing an authoritative view of the most common problems system and network administrators confront.

See how to:

• Secure general-purpose network servers and user workstations
• Configure public Web servers to operate securely including the use of authentication and encryption technologies
• Configure, test, and deploy firewall systems
• Detect, respond to, and recover from intrusions
• Implement selected practices on systems running a Solaris 2.x operating system
• Identify practice-related topics to address in your security policies