Wednesday, May 11, 2005

Multiple New Pre-Reviews

I've received many new books in the last two weeks. Here are some pre-reviews. First we have Mastering FreeBSD and OpenBSD Security by Bruce Potter, Paco Hope, and Yanek Korff, published by O'Reilly. I have been looking forward to this book for a while. I use both operating systems to build security appliances, and that sort of work is the subject of this book. I would have preferred if the authors avoided discussing Snort and ACID, though. This is the umpteenth time I've seen "IDS" boiled down to those two well-worn and not-very-effective "solutions." Snort, yes. ACID, no. I would have been less disturbed if at least BASE, the replacement for ACID, was profiled. But no. Still, this will be the first book in the pack I plan to read.

Next we have Snort Cookbook by Angela D. Orebaugh, Simon Biles, and Jacob Babbin, also published by O'Reilly. This is O'Reilly's second Snort book in nine months. The last was Mangling Security with Snort & IDS Tools. OK, the real title has "Managing," but I explained why I avoided that book in this post.

I'm a little worried about this new Snort book. First, guess which Snort console is presented. You guessed it -- ACID. Ugh, no Sguil. This is a shame, as one of this book's authors attended the Sguil presentation I gave at the DC Snort Users Group meeting last June. Second, and more worrisome, the advice on taps is faulty. On p. 21, we read the following:

"If your Snort machine has only one network interface, using the passive tap, run both lines to a small hub. Then from another port of the hub, run a cable to your IDS. This will combine and maybe even buffer the traffic for the IDS and give a full duplex connection."

Wrong -- a passive tap splits a full-duplex link into two simplex streams, one per transmit direction, and a hub is a half-duplex, shared-medium device. Feed both streams into a hub and whenever the two ends of the monitored link transmit at the same time their frames collide in the hub, so the IDS never sees them. The "maybe even buffer the traffic" part is funny, too; a hub buffers nothing. I wrote about this bad configuration in my first book and in this January 2004 post when I caught Finisar making the same mistake.

Another yellow-covered book, but I have higher hopes for this one. It's Network Security Tools: Writing, Hacking, and Modifying Security Tools by Nitesh Dhanjani and Justin Clarke, published by O'Reilly. I worked with Nitesh at Foundstone. This book reminds me of Building Open Source Network Security Tools: Components and Techniques by Mike Schiffman. NST describes how to extend Nessus, Ettercap, Nikto, and Metasploit, as well as write sniffers and packet creators. All cool.

My penultimate O'Reilly book is Apache Security by Ivan Ristic. Ivan wrote the mod_security Apache module and maintains a Web Security Blog. I would describe mod_security as a policy enforcement system for Apache, but the common market-speak would be host IPS. Ivan sent me a copy of his book specifically to review (thank you), but I will not be able to get to it immediately. It looks like just the book for anyone wishing to deploy Apache securely, however.

My last O'Reilly book is Windows Server Cookbook For Windows Server 2003 & Windows 2000 by Robbie Allen. This book looks like a good companion to Learning Windows Server 2003. Windows Server 2003 is an OS I need to become more familiar with, since I expect to encounter it more often. O'Reilly Windows books tend to be very good, considering O'Reilly's open source advocacy and its historical ties to the UNIX community. I hope I can find time for both Windows books.

I'm not sure when I'll get to this book, but I'll mention it anyway: InfoSec Career Hacking by Aaron W. Bayles, Chris Hurley, Johnny Long, and Ed Brindley. I'll read j0hnny's chapter on building a Knoppix-based test lab, but the others seem somewhat dubious. I don't see how a whole book could give advice on "landing (and keeping) a job in the infosec field." For example, the "incident response" chapter (11) looks extremely weak.

And now for something completely different -- Networking and Internetworking with Microcontrollers by Fred Eady, published by Elsevier imprint Newnes. Fred also has Implementing 802.11 with Microcontrollers: Wireless Networking for Embedded Systems Designers due out in September, and he writes articles for Circuit Cellar magazine. Reading this book is another opportunity for me to become more familiar with networking hardware.

If anyone has read any of these books already, please post your thoughts.
