Interview with Bob Toxen, Author of "Real World Linux Security"
by Mirko Zorz - Monday, 16 December 2002.
It also is useful to detect if any systems become compromised. In the latter case, the better crackers will change the system's IP address to an unused one to make it harder to track down which system was compromised. With Arpwatch, one will know which system was changed unless the cracker changes both the IP address and MAC address simultaneously. In this latter case one still will know that a rogue system has appeared suddenly.

Arpwatch was created by Craig Leres of Lawrence Berkeley Labs and I have enhanced it extensively to be more useful for large networks with multiple subnets and to properly detect bogons. Bogons are systems whose IP address is incorrect for the network that they are on. Bogons indicate systems that are incorrectly configured or compromised.

Ethereal

This wonderful program allows fast real-time analysis of packets traversing a system or network. It allows localizing a network or firewall problem, verifying that a VPN actually is encrypting its data, etc.

How long did it take you to write "Real World Linux Security, 2/e" and what was it like?

It took about three months of 90-hour weeks to finish the manuscript and a few months of "normal weeks" for the post-manuscript production to produce the finished book. This was on top of about six months of 120-hour weeks to create the manuscript for the first edition and three months for production.


What was it like? Pure hell. I worked mostly at night because I am more creative then and there were no interruptions for email or phone calls. My friends thought I abandoned them because they never saw me and I kept sending my girlfriend away for weekends, camping, to visit her mother in Washington, DC, and elsewhere. My good friend, Stan Bootle, calls it "Writer's Widow".

I slept very little. I did just enough for my clients so that they did not find someone else to help them. This obsession resulted in a much better book. I saw my contribution to Linux and Open Source was to help secure it. While Linux (and Unix) is capable of very good security, people did not know how. With my knowledge of security and some ability to write I saw this as my greatest contribution to Open Source. The book also is very useful to Unix System Administrators.

What's your take on the adoption of Linux in the enterprise? Do you think it will give a boost to security?

Linux continues to "Eat Bill's lunch" and that of the Unix vendors. With the desktop work that has been done recently and several Distributions' work for easier installs, Linux is ready to take over the desktop market too. I think that the poor economy internationally has helped Linux.

Any old PC can run Linux quickly for no money and trouble-free operation. The latter means far less support costs. Microsoft just announced that it no longer will support its flagship Office for previous Windows versions, to "force" people to buy its new stuff; I think many will switch to Linux instead.
