Since November 1988, the CERT Coordination Center has been actively
responding to computer security incidents, analysing product
vulnerabilities, and publishing technical documents that help
organisations secure their networked computer systems. "The CERT
Guide to System and Network Security Practices", published in May 2001
by Addison-Wesley, is a compilation of the CERT security
practices. Apart from the author, Julia H. Allen, there are eleven
other contributors. Most of the information in this book is available
online, and there is also a companion web site for it.
This book is meant to be used as a reference by experienced system
administrators who want to set up a "security best practices" handbook
for their companies. They are advised to browse through the book and
zoom in on the sections most relevant to them instead of reading it
from cover to cover. Anyway, I don't think anyone would read the book
page by page to the end in one sitting, as it would be quite dry.
There are seven chapters grouped under two parts, plus two
appendixes. Chapters one to four, which make up Part I, cover 31
practices for hardening and securing systems, including network
servers, user workstations, public web servers, and firewalls. Part II
contains the remaining chapters (21 practices), sequenced logically
from preparing for intrusion detection and response, through detecting
break-ins, to responding to attacks. As maintaining the security of a
system is an ongoing process, two practices are devoted to reviewing,
revising, and improving the current security policies and procedures.
Since the guidelines in the chapters are generic and carry no platform
constraints, Appendix A shows step by step how to implement Tripwire,
SSH, Syslogd, Logsurfer, Spar, Tcpdump, and Snort on Sun
Solaris. Appendix B summarises the whole book chapter by chapter and
can be used as a rough index for locating the practice you are
interested in. All chapters conform to a template: an introduction; an
overview; a subsection for each security practice, comprising an
introduction, the implementation steps in sequence, and other
considerations; and a checklist of the main points.
I must say that this book is a must-have for every system
administrator or IT manager responsible for computer security.
Although it does not go into detail on the exact implementation of the
various countermeasures, it makes you aware of what you need to do to
minimise the risks. In practice it is nearly impossible to implement
every single practice, so it is up to you to derive a security policy
suited to your organisation from the guidelines, and to ensure that
the resulting procedures are strictly followed. Remember also to check
the CERT web site for the latest security practices, as they are
updated regularly.