The CERT Guide to System and Network Security Practices

Title: The CERT Guide to System and Network Security Practices
by Julia H. Allen
ISBN: 0-201-73723-X
Publisher: Addison-Wesley Pub Co
Pub. Date: 07 June, 2001
Format: Paperback
Volumes: 1
List Price(USD): $39.99

Average Customer Rating: 4.67 (9 reviews)

Customer Reviews

Rating: 5
Summary: Excellent Policy reference
Comment: This is a great book if you plan to implement any sort of info sec policy.

Well written, organized.

I only wish the authors would have provided the policies on a CD-ROM or web site.

Rating: 5
Summary: Functional Infosec Methodology At Its Finest
Comment: The CERT Guide to System and Network Security Practices should be a reference document on the bookshelf of SAs, ISOs, and DBAs who are serious about protecting their respective infrastructures. I might add that there is unfortunately precious little specific to RDBMS solutions resident in this tome, notwithstanding the paucity of material extant in the marketplace pertaining to RDBMS Infosec, so if you are looking for application-specific or database-specific advice, look elsewhere, but that is another story.

Published by Addison Wesley, and of course CERT, and superbly written by Judith Allen, of the NSSP (the Networked Systems Survivability Program), a component of the CERT Coordination Center. Ms. Allen was the Deputy Director of Carnegie Mellon's highly respected SEI (Software Engineering Institute).

In my humble opinion, Ms. Allen has authored one of the more thorough books on the market for protecting information systems, in general. (Both large and small-scale deployments are covered.) However, it is a guideline only; not every solution to every challenge you may encounter is included, which, of course, is an impossibility.

The book, as a whole, should be viewed as a reference document, utilized in the practical deployment and implementation of not only enterprise information security architectural solutions, but also the additional deployment and practical day-to-day solutions for individual machine-level infosec issues as well, vis-à-vis secure OS installs, intrusion detection and response, along with the oft-overlooked policy considerations, so essential to successful Infosec rollouts.

Essentially the book is organized in three categories, complementing each other in order of methodology, and in practice, to wit: Securing Computational Devices, then on to Firewall-based perimeter defense, to the final chapters delineating Intrusion Detection and Response. Fully documented in both bibliographic reference and indices, the book is almost as usable as a searchable electronic manual (which for me is a better solution, if it was available). Notwithstanding the absence of availability of this book electronically, I recommend the purchase.

All in all, the book is a great reference tool (as noted previously); use it as a guide (just like the title says!), just not the be-all and end-all. I also recommend this book for Infosec Policy Guideline authors, as it is not completely tied at all times to OSes. Conversely, Ms. Allen does offer up some specific recommendations/configuration settings for the building blocks of Unix Infosec: Tripwire, SSH, Syslog, Logsurfer 1.5, Spar, Tcpdump, Snort, etc.

Rating: 4
Summary: Very useful, but not fun to read
Comment: CERT has released a comprehensive guide for protecting information systems. Like most security books nowadays, the CERT guide starts by quoting CSI/FBI 2001 survey statistics which indicate the ever-increasing growth of cybercrime and other network abuse. Now that the 2002 survey is out, even more evidence of this alarming trend is available.

The book is organized around the prevention-detection-response principle. Part I covers securing computers and Part II describes detection and response capabilities in a non-platform-specific way. Ample appendices cover Solaris security implementation (such as installing intrusion detection systems and other security functionality) and practical security policy considerations. Even some relevant physical security topics are covered. Another valuable resource is the security checklists given at the end of each chapter. The need for a comprehensive enterprise security policy is also emphasized.

A lot of advice given in the book is well-known or common sense. However, it is the implementation of the described measures and not simply knowing them that will make your company secure.

The book is not without minor shortcomings. The first thing is that the book is a "what" book as opposed to a "how" book. The book is a huge list of good recommendations on system security, infrastructure design and migration strategies (such as a firewall migration strategy). However, it leaves the "real-life" problems (which are often considered the most important) to the implementer.

"Establish a password change policy" and "ensure that users follow it." And what if they don't? A big part of the security process starts at that point. Another part that is left to the implementer is prioritizing and assessing risk. Probably CERT authors are saving it for their next book on OCTAVE risk management.

Similarly, it is a great idea to patch vulnerabilities immediately after the vendor releases a patch. Yes, it is true that every patch should be evaluated and tested in a realistic test environment before the production systems are backed up and patched. However, it was calculated and reported that large companies (especially those that are Microsoft-only) will not have had time to complete the previous round of patching before the next patch is released, using their system and network staff. Thus the real-world experience will run counter to the book's excellent advice.

Suggestions to increase system audit trails present the same challenge. It is important to be able to track what happened on the system by looking at the system logs. Near real-time log analysis presents an effective way to prevent system problems from getting out of hand. However, a tremendous amount of audit information is produced by security devices and few companies can afford a dedicated intrusion analyst.

Overall, reading the book will not make you more secure, but intelligently following the given recommendations while paying attention to your enterprise peculiarities will.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time he maintains his security portal info-secure.org

Similar Books:

Title: Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks (VPNs), Routers, and Intrusion Detection Systems
by Stephen Northcutt, Lenny Zeltser, Scott Winters, Karen Fredrick, Ronald W. Ritchey
ISBN: 0735712328
Publisher: Que
Pub. Date: 28 June, 2002
List Price(USD): $49.99
Title: Network Intrusion Detection (3rd Edition)
by Stephen Northcutt, Judy Novak
ISBN: 0735712654
Publisher: Que
Pub. Date: 27 August, 2002
List Price(USD): $45.00
Title: Writing Information Security Policies
by Scott Barman
ISBN: 157870264X
Publisher: Que
Pub. Date: 09 November, 2001
List Price(USD): $34.99
Title: Managing Information Security Risks: The OCTAVE Approach
by Christopher Alberts, Audrey Dorofee
ISBN: 0321118863
Publisher: Addison-Wesley Pub Co
Pub. Date: 09 July, 2002
List Price(USD): $59.99
Title: Hacking Exposed: Network Security Secrets & Solutions, Fourth Edition (Hacking Exposed)
by Stuart McClure, Joel Scambray, George Kurtz
ISBN: 0072227427
Publisher: McGraw-Hill Osborne Media
Pub. Date: 25 February, 2003
List Price(USD): $49.99
