October 06, 2010 03:58 PM

The CERT Guide to System and Network Security Practices

Left Brain
InstantDoc ID #126129

System and network security is an important function of both Information Systems and Information Security departments across the globe. As the ever-expanding reach of the Internet continues to encroach on networks throughout organizations, and as remote users clamor for increased internal network access, security increases in importance in the eyes of both administrators and management. Unfortunately, actually ensuring security for systems and networks can be laborious; many key responsibilities and tasks can be overlooked. Often, the problem isn't a lack of desire for secure systems, but rather an absence of education, policies, and procedures within an organization.

Julia Allen's "The CERT Guide to System and Network Security Practices" is a set of policies and practices designed to help fill this gap in education and documentation. The book is structured as a series of largely independent chapters in which Allen has compiled and enhanced many CERT (http://www.cert.org) guidelines and best practices. Also included with each chapter is a checklist you can use when compiling your own guidelines.

In addition to maintaining much of the CERT content, Allen has preserved the academic feel of CERT advisories and guidelines. Indeed, this book tends to be very dry; it reads exactly as you would expect of a book culled from the inner sanctums of CERT. While the writing style may not excite readers, the content provided certainly proves to be worth the effort of reading the text.

"The CERT Guide to System and Network Security Practices" begins with a preliminary overview of system and network security. Key definitions and concepts are examined, but no topic is covered in depth at this point. However, as the book progresses each topic is examined in much greater detail. (Topics are wide-ranging and cover a wide spectrum of information, and Allen takes pains to explore each subject in depth.)

After the introduction in the first chapter, Allen covers the practice of securing servers, workstations, and Web servers. These chapters concerning system-level security are in large part platform agnostic, but Allen does include specific information for UNIX and NT systems. This trend continues throughout the book; while Allen does a good job in maintaining platform independence, she often cites specific examples or practices for common operating systems. While a completely platform-agnostic book might have provided a cleaner, more conceptual overview, Allen does well in integrating the material.

Allen next takes aim at firewalls and their deployment within the enterprise. While her treatment is certainly not a comprehensive review of the material, she does an excellent job of formulating policy and procedure for determining firewall needs and implementation. Note, however, that the text is highly vendor independent. If you are hoping to learn specifics about Cisco PIX, IOS, or any other router or firewall, you need to shop elsewhere.

The final three chapters are devoted to intrusion detection and response. As with the first section, where prevention was the key concept, Allen goes into great detail as she explores detection and response systems. These chapters provide an excellent overview of IDS, its deployment, and its management. For those now investigating the deployment and use of IDS, these chapters will certainly provide a solid foundation on which to build your solutions. However, again, the book does not dwell on the minutiae of individual vendor solutions. After the introduction and review of IDS, Allen discusses reactive measures (intrusion response). The chapter on intrusion response is quite good, and it will serve as an excellent guideline for producing your own policies and procedures in this area.

The book concludes with two appendices. The first, "Security Implementations," is provided as a resource for readers wanting to implement specific systems and techniques discussed in the book. Topics include Tripwire, Logsurfer, and even process accounting. The second appendix, "Practice-Level Policy Considerations," offers the reader a walk-through of policy creation. Many of the topics addressed throughout the book are codified in simple, pointed policy statements.

All in all, Julia Allen has done an excellent job in creating a book of best practices. While "The CERT Guide to System and Network Security Practices" is certainly not light reading, Allen does an adequate job of quickly covering a large amount of material. Many books in the market today are read once to introduce readers to new topics and concepts. This book, however, was written with the intention of providing administrators and managers a guide to managing security with a long-term view.

Author: Julia Allen

Publisher: Addison Wesley Longman

Published: June 2001

ISBN: 020173723X

464 pages

Price: $39.99


