Tag Archives: Book Review

A No-Nonsense Guide to the OpenBSD Firewall

Though this is the 3rd edition, this is the first time I have picked up this book. As a proponent of the *BSDs, I appreciate having good quality material like this book available to overview and then get down into the mechanics of key subsystems, like PF.

I appreciated the clear, concise writing, as well as the multitude of real world examples.

One of the key chapters for me was Chapter 6: Turning the Tables for Proactive Defense. Peter goes in-depth into how PF elegantly handles issues like SSH brute-forcing, as well as how PF handles spam with stuttering, blacklisting and greylisting.

Highly recommended for someone who is interested in working with PF, or is already administering PF, but looking for some extra help in certain areas.

-Josh


Review of “Time Management for System Administrators” Posted

Amazon just posted my 4 star review of Time Management for System Administrators by Thomas A. Limoncelli. I have reproduced it below, for those who don’t want to click the link here.

Beneficial for ALL SysAdmins

So why read a book on Time Management? I feel like I already do a decent job of time management, but I had seen really good reviews of this book, and so I thought I would give it a try.

I knew this book was going to be good when I read the following in the Preface:

“My home life looks a lot like my work life. You should see the killer server I’ve set up at home. Once I’ve finished tweaking it, I’m going to set up the same thing at work. Very few occupations are like that.”

He is describing me exactly!

This is the biggest reason why I enjoyed the book as well as I did: because it wasn’t a generic time management book (a dime a dozen these days), but a time management book written specifically for system administrators. So the situations and scenarios used in the book were very practical and applicable to me.

Limoncelli starts out with some basic time management principles (Focus vs. Interruptions, Routines, etc.), which I found helpful, but the main focus of the book is the Cycle System.

The Cycle System is made up of three parts: a combined to-do list and today’s schedule, a calendar, and a list of long-term life goals. It seems this system is a combined/modified system from other time management systems.

Overall, I found a lot of the principles and tools of the Cycle System to be beneficial, and I have implemented about 70% of it into my workflow. (The other 30% just did not fit my workplace environment.)

In the last 6 chapters he deals with Prioritization, Stress Management, Email Management, Time Wasters, Documentation, and Automation. Again, beneficial, except for the Documentation and Automation chapters, which I felt overlapped with the same sections of Limoncelli’s other book (The Practice of System & Network Administration), so I skipped them.

The writing style was enjoyable to read, and the scattered User Friendly comic strips helped break up the text.

Overall, I would give it a 4 out of 5 stars, as I would highly recommend it to all system/network administrators (even if you think you have great time management principles), but I do feel that there was overlap in some of the chapters.

-Josh Brower


“Extrusion Detection” Review Posted

Amazon has posted my 5 star review of Richard Bejtlich’s “Extrusion Detection”:

“This is the 2nd book by Bejtlich that I have read, the first being “The Tao of Network Security Monitoring: Beyond Intrusion Detection.” While the Tao of NSM focused mainly on detecting attacks coming in from the perimeter, this book focuses on Network Security Monitoring principles as applied to traffic going out of the network.

Bejtlich starts out by doing an overview of Network Security Monitoring, referencing his earlier book as a more in-depth treatise on NSM. He then goes on to the theory and illustration of “Extrusion Detection” (“the process of identifying unauthorized activity by inspecting outbound network traffic”). We see Extrusion Detection illustrated with the 4 types of NSM data (Full Content, Session, Statistical, and Alert).

We then move on to “Enterprise Network Instrumentation,” which includes discussions on network/packet capture equipment, some of which I had never seen before: SPAN Regeneration Taps, Link Aggregator Taps, etc.

The next section was probably my favorite: Enterprise Sink Holes. What a fantastic way to discover a local compromised host scanning your internal network. This section also had some great ways to do short-term containment (with a Sink Hole) on a loose worm. (The coolest, in my opinion, being Unicast Reverse Path Forwarding.)

Next we have sections on Traffic Threat Assessments, Network Incident Response, and Network Forensics. The book finishes up with a case study on traffic threat assessment and a discussion on Malicious Bots.

I have to give this book 5 stars out of 5 for its fresh and unique look at internal and outbound intrusions. Richard doesn’t rehash what a thousand other network security pros have written.”

Josh
