ÆLEEN FRISCH

the bookworm

Æleen Frisch is a system adminis- trator and writer living in Connecticut (www.aeleen.com). Books Reviewed in this Column [email protected] FORENSIC DISCOVERY SENDMAIL MILTERS: A GUIDE FOR Dan Farmer and Wietse Venema FIGHTING SPAM Addison-Wesley, 2004, 0-201-63497-X, Brian Costales and Marcia Flynt 217 pp. Addison-Wesley, 2005, 0-321-21333-5, BUILDING A LOGGING 347 pp.

INFRASTRUCTURE LIN UX APPLICATION DEVELOPMENT, Abe Singer and Tina Bird 2ND EDITION Short Topics in System Administration Michael K. Johnson and 12, USENIX Association, 2004, Erik W. Troan 1-931971-25-0, 82 pp. Addison-Wesley, 2005, 0-321-21914-7, TROUBLESHOOTING LINUX FIREWALLS 732 pp.

Michael Shinn and Scott Shinn JAVA APPLICATION DEVELOPMENT Addison-Wesley, 2005, 0-321-22723-9, ON LIN UX 381 pp. Carl Albing and Michael Schwarz

I NTERN ET DENIAL OF SERVICE: Prentice-Hall, 2005, 0-13-143697-X, ATTACK AND DEFENSE MECHANISMS 598 pp.

Jelena Mirkovic, Sven Dietrich, KNOPPIX HACKS: 100 INDUSTRIAL- David Dittrich, and Peter Reiher STRENGTH TIPS & TOOLS Prentice-Hall, 2004, 0-13-147573-8, Kyle Rankin 400 pp. O’Reilly, 2005, 0-596-00787-6, THE EXECUTIVE GUIDE TO 314 pp. + CD. INFORMATION SECURITY: THREATS, CHALLENGES, AND SOLUTIONS Mark Egan with Tim Mather Addison-Wesley Symantec Press, 2005, 0-32-130451-9, 288 pp.

SLAMMING SPAM: A GUIDE FOR SYSTEM ADMINISTRATORS Robert Haskins and Dale Nielsen Addison-Wesley, 2005, 0-13-146716-6, 420 pp.

;LOGIN: APRI L 2005 TH E BOOKWORM 49 I am thrilled and honored to be book’s final part, the authors have THREE MORE ON SECURITY taking over from the illustrious compiled and performed a number The authors of Troubleshooting Peter Salus as the Bookworm. This of useful experiments that enable Linux Firewalls describe their month’s books are a somewhat them to make very specific quanti- books as including “the Tao of fire- random set, as the review copy tative statements (e.g., how long wall security, the Zen of trou- pipes are just getting started for trace data from a deleted file can bleshooting, and the nitty-gritty me. be expected to linger under vari- step-by-step instructions to fix a ous system usage scenarios). This problem.” This is a good descrip- kind of information is needed to FEATURED: FORENSIC DISCOVERY tion of their approach to their make both analysis and prevention topic. The book does a very good Dan Farmer and Wietse Venema planning practical (or even feasi- job of handling the second and are best known collectively as the ble). third of these items, which is the authors of the SATAN security This book is extremely useful for a main thrust of their book. The first evaluation application. However, wide spectrum of readers. People topic, firewall security, covered in they are also the authors of the one who are just getting started with two early chapters, seems a bit of the most important security computer forensic analysis will rushed (more space needs to be articles in the literature, “Improv- find it a clear and useful first book given to system hardening in par- ing the Security of Your Site by that will provide additional bene- ticular). The book focuses on Red- Breaking into It,” which explained fits on rereading. At the other Hat and SuSE Linux, but the prin- the concept of (implicit) transitive extreme, experienced security ciples and many of the specifics trust. Venema and Farmer have administrators will appreciate the apply to almost any Linux distri- collaborated on a new software authors’ clarity and insight in bution. tool, the Coroner’s Toolkit, for per- thinking about forensics in general Internet Denial of Service: Attack forming post-break-in analysis; and the specific discovery/analysis and Defense Mechanisms is an in- this is also the subject of their new operations in particular. I always depth treatment of DoS and DDoS book (the software appears at vari- find that reading Dan and Wietse’s attacks and ways of responding to ous points throughout the book work inspires me to strive for and preventing them. The authors and is discussed in an appendix). greater excellence in my own. constitute a DoS dream team. Not The book is divided into three surprisingly, the level of detail, parts, covering an overview of TH E DEFIN ITIVE WORK ON LOGGING understanding, and technical forensics and related concepts, expertise is consistently high fundamental system entities/data Abe Singer and Tina Bird have throughout the book. The book is structures related to forensic dis- done a marvelous job with the lat- also quite readable and even in covery, and the specifics of data est volume in SAGE’s Short Topics tone and quality, despite having persistence. in System Administration series. four authors. Don’t let the book’s This book is an excellent mix of Building a Logging Infrastructure is goofy cartoon cover illustration the theoretical and the practical. a very comprehensive discussion mislead you or put you off. This is Fundamental concepts are covered of syslog and its uses and foibles. a serious book on an important in detail, as are system data struc- The work covers logging on both topic. tures and entities (e.g., file sys- UNIX/Linux and Windows sys- Finally, The Executive Guide to tems, inodes, processes, system tems, and also discusses some Information Security is exactly calls), providing a helpful—and replacements for syslog and when what it sounds like: a book about necessary—knowledge base for they are useful or necessary. The computer security designed for the specific techniques for examin- relative lack of material on log nontechnical business executives. ing the latter that follow. As is typ- data reduction is due to the dearth It places security concepts and ical of their work, Farmer and of options in this area rather than practices within a typical business Venema have the knack of getting the authors’ omission. This book is framework (mindset). As such, it even experienced UNIX folks to so good that I find myself falling may be useful to some readers of look at and appreciate familiar into a typical writer’s emotional this column who need to present things/material in a new way. pitfall: being jealous that I didn’t such technical information to A significant thread running write it myself. A must-have for managers and other nontechnical through the book is the persist- everyone. audiences. ence of data, including data deleted from memory and storage media. In the first chapter of the

50 ;LO GIN: V OL. 30, NO. 2 SPAM IS THE WORD A PAIR ON LINUX PROGRAM- PARTING GLANCE Slamming Spam is another excel- MING lent book. It surveys all of the Both of the programming books I’m going to try to end each col- major spam-fighting techniques in this time are aimed at beginners of umn with a brief mention of some- common use today, covering both various sorts. Java Application thing a little out of the main- user-level and system-level strate- Development on Linux is written for stream. This time it’s Knoppix gies. It discusses—and provides readers with some programming Hacks, a book that made me nos- detailed, correct directions for— experience and a basic familiarity talgic for the days when I fre- configuring email clients (“user with object oriented programming quently used a Yggdrasil install agents”), Sendmail, Postfix, qmail, concepts. The first major section CD as a PC hardware diagnostic Exchange, and Lotus Notes for of the book introduces the Linux tool. Knoppix is a Linux distribu- spam filtering. It includes chapters environment and the basic Java tion that runs directly from a CD on procmail, SpamAssassin, language, and the remaining four without installation to disk. This Vipul’s Razor, blacklists, SMTP parts cover Java in action, includ- book describes the many tasks it authentication, sender verifica- ing database queries, GUIs, Web can perform, ranging from system tion, and, of course, Bayesian fil- interfaces, and distributed applica- configuration and repair to creat- tering. Mail administrators, system tions. The pace of the book is slow, ing computer kiosks and roll-your- administrators, and anyone who but this is appropriate for its own Tivo-like systems. My one has to deal with a significant spam intended audience, and the book is gripe with the book is its organiza- problem will find this book indis- long enough to introduce its topics tion. Like all of the volumes in the pensable. in nontrivial detail. Students—and O’Reilly Hacks series, it is struc- tured as a numbered series of short Sendmail Milters is the definitive others—with only a moderate amount of programming experi- articles, a scheme that inevitably reference for using Sendmail’s fil- favors breadth over depth. I’d say tering facility—milters—for deal- ence will have no trouble working through this book on their own, about two-thirds of the topics here ing with spam messages. Its four are useful and the other one-third parts cover the characteristics of and they’ll be ready for advanced Java texts when they are through. are cool, resulting in a book that is spam, deploying a test environ- a good reference and also fun to ment for developing and testing, Linux Application Development is flip open and start reading. writing milters, and configuring now in its second edition. Peter Sendmail to use milters. This book called the previous edition “a is very comprehensive, extremely superb piece of work,” while not- well written and eminently read- ing that it “makes no concessions able, and of the high quality one to the unwashed.” It would seem would expect from Brian Costales, that much of the effort that went working in concert here with Mar- into the second edition was cia Flynt. designed to broaden the book’s appeal. For example, it now pro- vides many, albeit brief, explana- tions of how Linux does things and also includes coverage of glibc. The book has been updated for the 2.6 Linux kernel and GNU C library 2.3. It continues to serve as an excellent reference for seri- ous Linux application developers.

;LOGIN: APRI L 2005 TH E BOOKWORM 51