BKCGSNSP.RVW   20010728

"The CERT Guide to System and Network Security Practices", Julia H. Allen, 2001, 0-201-73723-X, U$39.99/C$59.95
%A   Julia H. Allen
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D   2001
%G   0-201-73723-X
%I   Addison-Wesley Publishing Co.
%O   U$39.99/C$59.95 416-447-5101 fax: 416-443-0948 bkexpress@aw.com
%P   447 p.
%T   "The CERT Guide to System and Network Security Practices"

The preface states that the intended audience for this work is the mid-level system and network administrator. Actually, it uses the plural, giving the first indication that this text is only intended for those working in very large organizations.

Chapter one is an overview of the structure of the book, along with a listing of some other resources, and a few general security definitions.

Part one deals with securing or hardening computers against attack. Chapter two lists good practices for servers and workstations, providing basic guidelines. There is something of a detailed breakdown of these conventions, as well as considerations that might be useful in policy discussions. However, these are not procedures, and there is very little in the way of system detail. The reader is advised to limit services running on computers. This is a good practice, but there is nothing to indicate how to find out what services are running, nor how to limit or eliminate them once they are found. A number of assumptions have been implicitly made, for example about centralized administration policy, so even the material that is included may not be suitable for all environments. The explanations are reasonable, but rather pedestrian, and there is a great deal of duplication of material (the sections dealing with limiting services running on servers and workstations, for example, are almost identical).

Much the same is true of securing public web servers, in chapter three. Some material is quite specific (specifying the Common Log Format, CLF, for activity files) while other recommendations are vague. Deploying firewalls, in chapter four, is a bit different, in that it does contain some explanation of firewall types and architectures. Unfortunately, this text is very brief, and is padded out with unilluminating illustrations.

Part two examines intrusion detection practices. Chapter five covers the preparation and setup of intrusion detection, chapter six the actual detection of intrusions, and chapter seven outlines responses to intrusions. Overall, part two is more useful than part one, since intrusion detection is a newer field, and general concepts are still helpful even if specific details are lacking.

Given the complaints I have made about the lack of details, some will respond that I have, heretofore, ignored the fact that there are two appendices in the book, dealing with security implementations and practices. True, these documents exist. In terms of the security implementations, if you are using Solaris 2.x, Tripwire, Logsurfer, and Snort, the additional material may be very useful. Otherwise, it still doesn't address the lack of specifics in the book.

This work does provide the security specialist, faced with responsibility for policy creation or maintenance, a handy set of checklists and some framework for the policy process. Use of the text will help remind the professional of areas to be addressed, and prevent certain aspects from slipping between the cracks. The advanced and experienced system administrator may also benefit from the volume, since he or she will likely already know system specifics for a number of the functions required, and probably has some idea of where to find information about others. However, intermediate sysadmins, with an "engineer" level certificate and a few years' work experience, are unlikely to know the details of security operations that have, usually, been seen as a specialty area. Therefore, the audience that will find this book useful is a rather narrow one.

copyright Robert M. Slade, 2001