Interview with Bob Toxen, Author of "Real World Linux Security"
by Mirko Zorz - Monday, 16 December 2002.
I wrote 60 pages on IP Tables in RWLS 2/e that include "Tips and Techniques" for easy rule set creation and debugging, a detailed comparison of IP Tables with IP Chains, and complete IP Tables scripts for SOHO and medium organizations that want a DMZ.

Logcheck (my enhanced version)

Logcheck takes the tedium out of properly checking your systems' log files for attacks and illness. I find it better than other tools, such as LogWatch, that either do not catch enough problems or do not discard unimportant events. I recommend that anyone running LogWatch immediately replace it with Logcheck.

My enhancements include fitting each IP Chains/IP Tables entry on a single line, being able to page the System Administrator for major problems, and not repeating "Attack" entries in the "Violations" section and not repeating "Violation" entries in the "Unusual" section. This encourages one to read all sections, knowing that they do not contain repeated data.

This version is on the CD-ROM that comes with the book and has been submitted back to Logcheck's original author.

My own Adaptive Firewall

It runs on top of IP Chains/Tables ("The Cracker Trap"). It locks an attacking system out of one's network within a fraction of a second.

Nmap

Fyodor's wonderful tool allows a thorough analysis of a firewall, network, or system very quickly and easily. Both SysAdmins and crackers use it daily. I even use it to see if an e-commerce site has made an effort to harden its server before I trust it with my credit card number.

Arpwatch (my enhanced version)

This wonderful tool allows the SysAdmin to know when someone connects a new system to the network or changes the IP address of an existing system within seconds. This is critical to ensure that users do not install "rogue" systems without authorization.

It also is useful to detect if any systems become compromised. In the latter case, the better crackers will change the system's IP address to an unused one to make it harder to track down which system was compromised. With Arpwatch, one will know which system was changed unless the cracker changes both the IP address and MAC address simultaneously. In this latter case one still will know that a rogue system has appeared suddenly.

Arpwatch was created by Craig Leres of Lawrence Berkeley Labs and I have enhanced it extensively to be more useful for large networks with multiple subnets and to properly detect bogons. Bogons are systems whose IP address is incorrect for the network that they are on. Bogons indicate systems that are incorrectly configured or compromised.

Ethereal

This wonderful program allows fast real-time analysis of packets traversing a system or network. It allows localizing a network or firewall problem, verifying that a VPN actually is encrypting its data, etc.
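The Arpwatch behaviour described above (reporting new stations, a known IP answering from a different MAC, a known MAC moving to an unused IP, and bogons on the wrong subnet) in a small Python monitor. This is an added example written for this page; it is neither Craig Leres's Arpwatch nor Toxen's enhanced version, and the ARP observations, subnet and MAC addresses are constructed.

```python
"""Arpwatch-style change detection over a stream of ARP observations (added example)."""
import ipaddress
from dataclasses import dataclass, field

# Constructed sample observations: (time, sender IP, sender MAC), in the
# order a sniffer on the segment would see the ARP replies.
SAMPLE_ARP = [
    ("09:00:01", "192.168.1.10",  "00:11:22:33:44:55"),
    ("09:00:05", "192.168.1.11",  "00:11:22:33:44:66"),
    ("09:05:00", "192.168.1.10",  "00:11:22:33:44:55"),  # repeat, nothing new
    ("09:10:00", "192.168.1.12",  "00:11:22:33:44:77"),  # new station plugged in
    ("09:15:00", "192.168.1.200", "00:11:22:33:44:55"),  # known MAC now on an unused IP
    ("09:20:00", "192.168.1.11",  "00:11:22:33:44:99"),  # known IP now answering from a new MAC
    ("09:25:00", "10.9.9.9",      "00:11:22:33:44:88"),  # bogon: wrong network for this segment
]


@dataclass
class ArpMonitor:
    """Track IP<->MAC pairings on the monitored subnets and emit events on change."""
    subnets: list                      # hypothetical config: networks valid on this segment
    ip_to_mac: dict = field(default_factory=dict)
    mac_to_ip: dict = field(default_factory=dict)

    def __post_init__(self):
        self.subnets = [ipaddress.ip_network(s) for s in self.subnets]

    def observe(self, ts, ip, mac):
        """Return a list of (kind, message) events for one ARP observation."""
        addr = ipaddress.ip_address(ip)
        mac = mac.lower()
        if not any(addr in net for net in self.subnets):
            # Bogon: the address is not valid for this network, which points at a
            # misconfigured or compromised host. It is reported but not learned.
            return [("bogon", f"{ts} bogon {ip} from {mac}")]
        events = []
        old_mac = self.ip_to_mac.get(ip)
        old_ip = self.mac_to_ip.get(mac)
        if old_mac is None and old_ip is None:
            # Neither address seen before: a system has appeared on the segment.
            events.append(("new station", f"{ts} new station {ip} {mac}"))
        else:
            if old_mac is not None and old_mac != mac:
                # Same IP, different hardware address.
                events.append(("changed ethernet address",
                               f"{ts} {ip} changed from {old_mac} to {mac}"))
            if old_ip is not None and old_ip != ip:
                # Same hardware address moved to another IP, e.g. an
                # unused one, as the interview describes.
                events.append(("changed ip address",
                               f"{ts} {mac} moved from {old_ip} to {ip}"))
        self.ip_to_mac[ip] = mac
        self.mac_to_ip[mac] = ip
        return events


def run(observations, subnets=("192.168.1.0/24",)):
    """Feed every observation through one monitor and collect the events."""
    mon = ArpMonitor(list(subnets))
    out = []
    for ts, ip, mac in observations:
        out.extend(mon.observe(ts, ip, mac))
    return out


if __name__ == "__main__":
    for kind, msg in run(SAMPLE_ARP):
        print(f"[{kind}] {msg}")
```

Running it on the constructed sample yields three "new station" events, one "changed ip address" event for the MAC that moved to 192.168.1.200, one "changed ethernet address" event for 192.168.1.11, and one "bogon" for 10.9.9.9; a host whose IP and MAC both change at once shows up only as a new station, which is exactly the residual case the interview mentions.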

How long did it take you to write "Real World Linux Security, 2/e" and what was it like?

It took about three months of 90-hour weeks to finish the manuscript and a few months of "normal weeks" for the post-manuscript production to produce the finished book. This was on top of about six months of 120-hour weeks to create the manuscript for the first edition and three months for production.

What was it like? Pure hell. I worked mostly at night because I am more creative then and there were no interruptions for email or phone calls. My friends thought I abandoned them because they never saw me and I kept sending my girlfriend away for weekends, camping, to visit her mother in Washington, DC, and elsewhere. My good friend, Stan Bootle, calls it "Writer's Widow".
