Hack Notes: Linux and Unix Security Portable Reference by Nitesh Dhanjani (McGraw-Hill/Osborne, $54.95)
The size of most Linux and Unix security reference books is enough to make a grown sys-admin weep. With the Hack Notes series of portable reference books, McGraw-Hill/Osborne is addressing the information overload problem by providing a concise security reference that is quick and easy to use.
In the first part of the book we are taken through tools and techniques used by hackers to maliciously attack hosts, from footprinting to obtaining a remote shell and hiding their tracks, in a logical brief progression. This complete overview is invaluable in understanding hacking methodologies.
To achieve the conciseness, little time is spent explaining the mechanics of each hacking technique, but the “Reference Centre” in the middle of the book provides a list of further resources and other useful information. In the final section of the book we return to hacking but with an emphasis on wireless hacking and customising hacking tools.
If the conciseness of Linux and Unix Security Portable Reference ever lets it down, it is in the section on host hardening. Early in the book we are told to use a stateful firewall to protect our networks, yet TCP wrappers are mentioned only very briefly and Linux’s powerful built-in packet filter, ipchains, and it’s stateful equivalent, iptables, are not even mentioned. Neither are techniques for host monitoring such as Tripwire. To follow only the guidelines in this section of the book could leave you with a network that is difficult to maintain and not very well protected. However, this diverse topic would always be difficult to cover in a few pages.
As a quick reference on hacking for the seasoned sysadmin, or as a starting point for understanding techniques used by hackers, Hack Notes is a valuable resource. Coupled with a book like Linux Administration Handbook (Pearson Education) it may be all you ever need to carry, and you won’t need a note from your chiropractor giving you permission. Read it before a hacker near you does.
Clitheroe is systems developer at the Institute of Geological and Nuclear Sciences.