The CERT Guide to System and Network Security Practices
by Julia Allen
Addison-Wesley, 2001.
447 pages. Index, two appendices, bibliography and abbreviations list
$39.99 softcover. ISBN 0-201-73723-X
Reviewed by Robert Bruen September 12, 2001
When it comes to figuring out how to protect your computers and networks,
there are a number of approaches that can be taken. There are also a
large number of books that offer help. When you are not sure which way
to turn and there are lots of choices, it is difficult to decide what
should be done first. The CERT Guide is a good place to start because,
unlike many of the other books (many of which are good), it uses a
step-by-step approach with coverage that is as complete as possible. It
is not written from a hacker's viewpoint, but instead from a defensive
viewpoint, starting with hardening of your network. The focus is on
procedures and policy in addition to technical matters.
Each chapter has a well-done checklist referencing the sections within
the chapter itself. The chapters and checklists are orderly: first do
this, next do that, and so on. The steps are explained in the chapter sections,
but not in the detail that a hard-core techie might like. For example,
SSL, SSH and SET are covered in just a few pages. Each is described with
enough information to allow the reader to decide whether or not it is
appropriate to seek further information, and where to go for it.
There are sections that do cover technical detail, for example, the process
to obtain, install, run and understand Tripwire, Snort, TCPDump and
other software packages. A number of alternative packages are given
as well. The well-organized approach breaks out each of the concepts
of security, with the appropriate software for each concept listed in
chart form. This book is aimed at the implementation of security, not
at looking at code to see how to attack networks. It is also a level-headed
approach that does not use hyperbole as a tool.
The first several chapters cover securing computers: servers, user
workstations and web servers in particular. There is a chapter on
firewalls. The rest of the chapters focus on intrusion detection, from
setting up to responding to an intrusion. Most security books are not
written with the goal of serving as a textbook for an academic course
in computer and network security, but this one is close. It does not have
the necessary problems and exercises, but the organization and presentation
meet many of the other requirements. It is highly structured, with small
sections numbered to three levels. This makes it a good choice for
learning about security, somewhat reflecting CERT's approach to security.
The CERT Guide is easy to read, with good instructions and good
information. It is a useful book to have, especially if you need
to communicate with upper management that understands only policy as
standard operating procedure. It also has its basis in CERT's database
of security incidents, so if you follow everything in it, you will be
in good shape. Well, at least until the next sunrise development from
the crackers. It is recommended as part of the growing book collection
intended to help the people who just want to keep their networks up
and running.