Interview with Brian Hatch, author of "Hacking Exposed Linux"
by Mirko Zorz - Monday, 30 June 2003.
An advanced security kernel patch can protect your machines better than the traditional Unix model. If the cracker, even after getting in as root, cannot remount the partitions in read-write mode, cannot stop or start your daemons, cannot bind any network sockets or make outbound connections, and cannot read protected files even as root, they'll probably move on to easier pickings.

How long did it take you to write "Hacking Exposed Linux" and what was it like? Any major difficulties?

Well, first of all, I still call it "Hacking Linux Exposed", and you can read my rant on the topic if you want...

As with HLEv1, one of the biggest problems with writing was the fact that the publisher required everything in Word. Yes, that's right, we had to write a Linux book in a proprietary document format. While VMWare (for HLEv1) and Crossover Office (for HLEv2) allowed me to run Word on my Linux box, it was still no more stable than Word on Windows, which means that I frequently lost huge chunks of my content and had to rewrite from scratch. Again, I'll stop ranting about this difficulty; I've managed to mostly suppress those memories.

We had a lot of organisation issues in HLEv1 that we wanted to fix, plus we wanted to re-write some of the content that was written by the original contributing editors. Then, naturally, we wanted to add a lot of new content. For example, the 'post intrusion' chapter grew so much that it became three chapters of its own, covering more back doors, encrypted access methods, Trojans, and loadable kernel modules.

I didn't want to create a book that was just umpteen hundred pages of "here's how tool foo works; now, here's how tool bar works." At heart, I am a teacher, and though I could have had fun showing each and every security-related tool out there, it wouldn't have taught the concepts I wanted to get across. Instead, I wanted to teach the theory of security, and the specific tools and methods to achieve it in the Linux/Unix world, illustrating it all with actual exploits and defences. The only way to really learn is by doing, and I wanted to get folks interested in going out and probing their own systems, testing or compromising their own security, to understand things more intimately.

Overall, HLEv2 probably took nine months for James and me to write. That would have been shortened to 6 months or so had we been able to write in a useful format, such as LaTeX, which would also have allowed us to use CVS more fully between us authors and the editors.

What's your take on the adoption of Linux in the enterprise? Do you think it will give a boost to security?

The talk in all the trade rags and media is that there's an increased focus on security throughout the business world. Unfortunately, from what I've seen recently, it seems that the focus is on "hoping no one realizes our company is only giving it lip service." While some businesses are taking great steps, most are putting security on the back burner until the economy turns around. (I'm speaking from a US-centric position here because that's where I am. Much of the world is taking better steps toward security than the US.)

The mentality is that security is a second tier, a nice added bonus, when times are going well and you can afford to 'waste money' on something that doesn't bring in revenue. How many typical companies are growing their security teams currently, or for that matter employing people who are dedicated to nothing but security?
