Book Review: Linux Hardening in Hostile Networks (Kyle Rankin, 2018)

Rankin kicks off the first two chapters of this security-focused Linux book with a general primer that covers basic security topics such as password best practices, HTTPS concepts, the application of encryption, browser plugins, and even a quick spin around the ‘TAILS’ and ‘Qubes’ Linux distributions. The preface of the book offers the reader a notable quote from Rankin that sets the overall theme:

“Today every computer on the network is a target, and every network is hostile.”

Kyle Rankin

Is this statement a scare tactic to further bolster the perceived utility of this book? Absolutely not; if anything, it is a sobering reminder that the “Zero Trust Network” ideology that has gained acceptance throughout the InfoSec community over the past few years is a much more realistic approach than locking systems down with time-honored countermeasures and calling it a day.

How will you know if this book is for you? It’s easy to say that any book about system hardening best practices holds high value in this day and age, but this book is most definitely geared towards those of us who administer our own internet-facing Linux servers. Not that there isn’t a wealth of basic information in this book that could benefit even a novice user, but these fundamental building blocks ramp up quickly and cover areas of concern at a technical level well outside the scope of casual Linux users. The subtitle of the book even states “Server Security from TLS to Tor”, giving you a good idea of the core material you can expect before picking up a copy. Your mileage may vary; however, if you are interested in learning about Linux server administration from a security standpoint, you can cover highly critical ground quickly by reading this book.

Much peril is invited by the rudimentary way administrators often deploy the Secure Shell (SSH) protocol: opening port 22, starting the service with password-only authentication enabled, then logging into machines with the same password throughout the system’s lifecycle. The section on basic considerations for working properly with SSH is a much appreciated part of Rankin’s book, as is the material on effectively leveraging ‘AppArmor’ for increased permission-based security. To properly abide by a defense in depth strategy, simply choosing complex passwords and disabling unused services isn’t enough, so these seemingly more arcane topics certainly help you take Linux security to a higher level.
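As an added illustration of the password-only SSH deployment described above (example code written for this review, not from the book), the following audits an OpenSSH sshd_config for that configuration. It assumes the standard sshd_config directive names and compiled-in defaults, and stops at the first Match block, since directives after it apply only conditionally.

```python
"""Audit an sshd_config for the weak SSH deployment described above.

sshd uses the first occurrence of each keyword, so later duplicates are
ignored. Defaults below are OpenSSH's compiled-in values for absent keys.
"""

DEFAULTS = {
    "port": "22",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}


def parse_sshd_config(text: str) -> dict:
    """Return the effective global settings, applying first-match semantics."""
    settings = dict(DEFAULTS)
    seen = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break                                # conditional section; globals are settled
        if key not in seen:                      # first occurrence wins, as in sshd
            settings[key] = value
            seen.add(key)
    return settings


def audit(text: str) -> list:
    """List weaknesses matching the password-only pattern from the review."""
    s = parse_sshd_config(text)
    findings = []
    if s["passwordauthentication"].lower() == "yes":
        findings.append("password authentication enabled")
    if s["pubkeyauthentication"].lower() != "yes":
        findings.append("public-key authentication disabled")
    if s["permitrootlogin"].lower() == "yes":
        findings.append("root login with password permitted")
    if s["port"] == "22":
        findings.append("listening on default port 22 (informational)")
    return findings


# Constructed sample configs, not taken from any real host.
WEAK = "Port 22\nPasswordAuthentication yes\nPermitRootLogin yes\n"
HARDENED = ("Port 2222\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
            "PermitRootLogin no\nMatch User backup\n    PasswordAuthentication yes\n")
```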

Network security receives a satisfactory introduction in chapter four, which sends the reader through a battery of supplemental chapters that specifically address web, mail, and DNS servers as well as database security. Whether you are venturing on your own and hand-rolling all of your own services, or work in (or plan to work in) a Linux-based enterprise environment, the variety of insights to be garnered from these chapters alone makes this book worth reading. While there are entire volumes written on the topic of incident response, Rankin does well by urging the reader to formulate a plan in the event your preventative efforts fail. While elementary in breadth, this book offers just enough to push you in the right direction on incident response policy: terminating an attack in progress, the concept of digital forensics, disk imaging, and server redeployment.

There are many, many more topics covered in Rankin’s book than are mentioned in this review, but hopefully you now have a good idea of whether or not it’s right for your purposes. Copies can be registered with InformIT, where additional materials can be accessed to aid you in your quest for Linux hardening in hostile networks.