Book Review: Secure Your Network for Free (Syngress)

Last week I was visiting the local library with my family and decided to check out the computer books section. I wasn't surprised when I only found about 30 books, most of which were out of date. I would like to pretend all the good recent books were out on loan, but I wasn't sure. I was able to find a book that piqued my interest.
Secure Your Network for Free by Eric Seagren. As you can probably tell from the title, the book discusses network security using free, in most cases Open Source, programs. The cover grabs your attention by listing Nmap, Wireshark, Snort, Nessus, and MRTG.
The book is pretty brief and to the point, running only 8 chapters in 480 pages. It starts with planning a strategy on getting a business to buy in on using Open Source software. You would think that "free" would be the end of the discussion, but I know from being a consultant and working for large companies that many think "free" means crap or liability. You can find problems with code, documentation (if any exists) and support, all of which make a business hesitant to use "free" software. The book is targeted towards small to medium sized businesses.
The technical part of the book starts into perimeter security with simple explanations of firewall types and architectures. It also includes discussions on remote access, mostly via VPN. I think both the firewall and VPN sections are great introductions for anyone that has been doing system administration and network administration for a while but has only worked in the core of the network and is new to the edge.
The book talked about protecting network resources by hardening base operating systems, patch management and Anti-Virus/Anti-Malware protection. The book has lots of step-by-step instructions on implementing each solution. For anyone that is unclear about how to get started, this book would be a good reference.
I really enjoyed the section on IDS, more specifically Snort. I have worked with Snort over the years, and this book provides good information on all the details surrounding the implementation of Snort. I have seen lots of books over the years that talk about how to set up, manage and optimize Snort, but this is the first that discussed both the physical and logical networking aspects of the where and why of IDS placement.
The chapter on managing event logs was very good. I know everyone hates logs, but this chapter provided all the details on how to collect, transfer securely and manage logs in a central location. I have written posts about this topic several times, but I still meet people new to IT that don't understand the value and importance of log files. This chapter covers it all, from how to collect all the Windows Event Logs in an all-Windows shop to how to collect all the syslog data in a Linux shop. It even discusses how to create new events to be logged and how to collect all the Event Logs and syslog data in a mixed network. If you are still letting your logs go unorganized and unused, you might want to check out this brief chapter.
The section about Nmap was pretty weak. I'm not sure what I was expecting, but maybe it's because I am aware of some of the power in Nmap that I was left feeling unimpressed. The mention of Nessus was also a little underwhelming. I would have thought they would have talked more about how to automate both of these programs. I think that if they make a second edition of this book it will include OpenVAS with some examples. I would also like to see something about Metasploit Framework and the db_autopwn feature.
The last chapter covers Wireshark and MRTG. I work with very large data sets of logs, so I know very well the importance of tools like MRTG and the ability to create charts and graphs of network data. Like the saying goes, "a picture is worth a thousand words." The same goes for visualization of network and security data. Again, the popular programs advertised on the cover are only covered briefly. I know both have books dedicated to them by Syngress, but some more examples would have fit the feel and obvious target of the book.
The book was an easy read. I would recommend it to anyone that is new to Open Source network security tools. If you already know the programs listed on the cover and have used them before, this book isn't for you. I do want to say I'm a big Syngress Publishing fan, and this book does fit a need in the market. I also think the book is fair and honest about the pros and cons of using "free" Open Source software in a business. If you have read this book, I would like to know what you got out of it. Please post your feedback in the comments.
