Copyright © 1995-2004 UKUUG Ltd




Protecting Networks with Satan

Martin Freiss
O'Reilly & Associates, June 1998
112 pages, £14.95
ISBN 1-56592-425-8

(Reviewed by Andrew Cormack)

When the Security Administrator's Tool for Analysing Networks was first released it prompted many apocalyptic warnings. How could anyone put such a powerful tool in the hands of Internet babies? Now that the script kiddies have moved on to much more powerful port scanners, network managers can once again use SATAN as intended without the guilt associated with running a hacking tool. The program's interface and reporting are still excellent but its built-in tests are a little out-of-date so a book on using and enhancing it is particularly appropriate.

SATAN is a program for examining networked computers, to determine what services they offer and what versions of the server programs are being used. These checks are just one aspect of a complete security system and cannot detect all vulnerabilities. Since the book is about "protecting networks" it also discusses why security is important and the need for a coherent security policy; these sections should be compulsory reading for anyone dealing with multi-user computer systems. There are also suggestions for restricting the scope for intrusion using router filters and TCP wrappers, and for detecting hostile network activity with tools such as Gabriel and Courtney.

After establishing a security policy, tools are needed to implement it. SATAN shows its age in the amount of manual work needed to make it compile on different systems; the book certainly makes this easier than using the program documentation alone. UNIX commands are needed for some tests: ironically these include things like NIS and NFS clients which security-conscious administrators might not otherwise install. The program uses a web interface for selecting target machines and invoking checks which is well described including the occasional trap for the unwary. The biggest mistake would be to run SATAN without authority. In Britain this could be an offence under the Computer Misuse Act: you have been warned!

The standard SATAN program checks thirteen potential security holes. All have been described in CERT advisories so should have been fixed long ago; the book re-states clearly why each is a problem and how it can be solved. New checks can also be added and this should be the most useful part of the book. Information about target machines is extracted using rules expressed as Perl regular expressions. It is reasonable to assume that readers are familiar with pattern matching but more details on how the different rule files interact would be welcome. There is one excellent worked example which detects unrestricted shares (exported filesystems) on NT servers but the other samples are only fragments and not ready for immediate use. When the next security advisory arrives for version x of server y a step-by-step description of implementing this type of check would be a great comfort. Wise readers will work the procedure out for themselves before it is needed.

Despite its age SATAN is still the easiest port scanner for network administrators to use. This book provides a good introduction though, like the program it describes, most users will add their own supplementary information. Knowledge of Perl, UNIX and networking are assumed, which will suit the majority of readers. The appendix of books and online resources should fill any gaps.

Andrew Cormack keeps an eye on web security, and people who test web security...

Windows 95 in a Nutshell

Tim O'Reilly & Troy Mott
O'Reilly & Associates, June 1998
503 pages, £14.95
ISBN 1-56592-316-2

(Reviewed by Andrew Cormack)

Tim O'Reilly may have been making a political point by publishing this book on the day Windows 95 was, officially, made obsolete by the release of Windows 98, but there are benefits in writing about a two-year-old operating system rather than a brand new one. Hindsight allows authors to concentrate on "difficult" areas rather than trying to provide blanket coverage of everything, while experience from regular use of the system can be summarised for the readers' benefit.

Nutshell books are mainly aimed at existing users but this one begins with a swift introduction to the Windows 95 GUI. This should be accessible to determined beginners but also contains shortcuts which will be new to many people who use Windows every day. The reference material which takes up more than half the book is much more detailed and wide-ranging. The first section about the desktop includes most of the standard icons and also general items such as context menus and the clipboard. Some entries have just a simple description and a few hints; others contain complete tutorials. The control panel merits a separate chapter because of the many inconsistencies among the tools it contains!

Nearly half the book is dedicated to commands even though Windows 95 is sold as a graphical operating system. In fact most of the graphical programs also have command line interfaces which can be invoked through shortcuts much more rapidly than using the official sequence of mouse clicks. Later in the book the same idea is extended using the DOS scripting language to wrap a series of operations in a single short-cut icon. These options are not well known so need the detailed and consistent documentation which the book provides. Tables of commands grouped by function act as an index to the individual descriptions as well as revealing where utilities can be found on the distribution disks, resource kits and web sites. There is even an introduction to pipes and re-direction for those who have never used a command line and directions for those who, under Windows 95 at least, have not been able to find one.

The final section of the book considers the organisation of the operating system: its structure, how it gets going and what all those files in the system directory are. The size and complexity of a modern operating system are stressed; Windows 95 is "a mammoth project [which] rivals the Titanic"! Not much of this is immediately useful but it is well written and will comfort those users who like to know a bit more about what is going on beneath their feet. The same applies to the chapter on the registry which describes its tree structure, the kinds of objects which can be found there and how to examine and change their values. After reading this, instructions in FAQs or other books to change registry values should hold no terrors despite Microsoft's dire warnings.

The book is rounded off by the usual selection of appendices, here covering keyboard accelerators, system files, file extensions and special characters. The detailed alphabetical index is supplemented by an index of common tasks: a good idea taken from the Windows NT Nutshell book.

"Windows 95 in a Nutshell" is not a tutorial, nor does it record every single item in the Graphical User Interface. Instead there is a great deal of use to those who want to go beyond the simple "point and click" interface as well as background information to give them confidence in developing their use of the system. As well as being useful in its own right this is an ideal preparation for advanced books such as O'Reilly's own "Annoyances" series.

Andrew Cormack keeps an eye on web security, and people who test web security...

Managing Mailing Lists

Alan Schwartz
O'Reilly & Associates, March 1998
282 pages, £21.95
ISBN 1-56592-259-X

(Reviewed by Huw Gulliver)

This book sets out to give practical advice about managing and installing UNIX-based mailing list management software (MLM). Four MLM packages are covered: Majordomo 1.94.4, LISTSERV Lite 1.8d, ListProc 6.0c and SmartList 3.10. The author notes that UNIX is not the only choice under which to manage a mailing list; LISTSERV Lite is available for Windows NT. But he considers its discussion would be premature and also predicts that Windows NT-based MLMs may get included in any subsequent edition of the book.

The book covers mailing list management from two angles; the list maintainer/owner's, and the server administrator's. Each MLM has a chapter dedicated to each aspect. The book starts with two chapters which look at e-mail and lists in general. Chapter one reviews the basics of messaging, the basic message headers, how messages are delivered and introduces the concept of a mailing list. Chapter two considers mailing lists in more detail, outlining the principles for list design and highlighting the choices that a list manager will have to make (such as naming conventions, the list policy -- who can post and who can subscribe, and whether to make a list closed or public, moderated or un-moderated). Also provided is a guide to choosing an MLM with a comparison table of the ones covered in the book.

In the next four chapters the author takes the reader through the process of creating a new list from the list manager/owner's point of view under each of the MLMs. It is quite interesting to note the differing degrees of configuration control the list owner has under the different MLMs, no doubt as a result of the different design philosophies adopted and experiences of each MLM's creator/maintainer.

The middle two chapters of the book discuss ways of using Sendmail and other UNIX tools to provide home-grown mailing lists. List troubleshooting, what to do about bounced messages, looping messages and list abuse are also covered.

Readers are then given four chapters describing the operation, installation and running of each of the MLMs. These chapters are aimed at the server administrator and in each case the example list used in the corresponding chapter in the first part of the book is again used. For me this helped to glue the two sides, list owner and list administrator, together.

At the back of the book are four appendices of configuration options, files and commands for each MLM.

The book's style and language make it a pleasant read, the odd bad joke apart ("How many list owners does it take to screw in a lightbulb? Four: one to screw in the lightbulb and three to remind subscribers that lightbulb requests should be sent to the request address, not the list address") but more importantly does seem to provide the sort of information that I would find helpful if I had to install one of the covered MLMs. The author's inclusion of useful tips such as modifications that can be made to code to improve it or change the way it behaves, plus other relevant resources available via the Internet, add to this impression. But I cannot help wondering that after I've selected my preferred MLM, installed it and set up a couple of lists, how often will I then need to refer to the book? Or would it just sit on the shelf?

Huw Gulliver is a member of the Network Support Team and UNIX administrator in Information Services at Cardiff University.

Office 97 Annoyances

Woody Leonhard, Lee Hudspeth & T.J. Lee
O'Reilly & Associates, October 1997
379 pages, £18.50
ISBN 1-56592-310-3

(Reviewed by Raza Rizvi)

Any 200 Mb chunk of code and associated files can't be without some annoyances, and this book shows you in gory detail what those are in the world's best selling office application suite. Not only does it cover bugs but also the non-intuitive aspects of all the major components, together with the things that you know should work but just don't appear to, even if you have used the "help" facility.

To start, the authors guide you through making changes after the installation process, including changes to the base operating system -- such as disabling Fast Find indexing. The recommended settings for pan-office preferences and utilities such as the dictionary are explained. There is also information on tweaking Robert, the cute/irritating office assistant. The requirement for backup of custom templates is well illustrated and there is a large section on the customisation of the toolbars for Office and each application.

Before diving into each application, some 120 pages are set aside across two chapters for the subject of the macro language VBA (Visual Basic for Applications), which is used in most (note most, not all) of the office applications. Although the authors say you don't need to be a programmer, they do give a very comprehensive run-through of the most pertinent features peppered with examples. The second chapter in the VBA section shows how VBA can be used to overcome some restrictions and streamline unwieldy operations, such as swapping from relative to absolute cell addressing in Excel and the ShowAll command in Word.

Chapter 5 systematically goes through each component (Access, Excel, Outlook, Powerpoint and Word) and describes the inconsistencies between them, such as the ability to undo the last 2417 actions in Word while in Excel this is limited to a meagre 16. The restrictions in interaction between components are described at great length together with some indications of how they can be overcome.

Robert is revisited at the start of Chapter 6, and it is clear that the book authors find him as annoying as everyone else! The next topic for derision is IntelliSense (or IntelliNonsense as they jokingly refer to it). This attempts to step in and helpfully correct user mistakes. The important area of Macro virus protection completes this chapter.

The final portion of the book covers the built-in Web support and HTML capabilities of the office applications. Both Excel and Powerpoint have useful wizards to make it easy for you to provide web content, but Word... In theory it is easy with Word but even this book doesn't tell me why every Word document that I save as HTML double spaces every single line...

Overall, this is a useful book for a mid-sized Microsoft Office-using department, but a little disjointed for individual use.

Raza Rizvi is technical support manager at REDNET, a very busy network integration company and medium-sized ISP.

Excel 97 Annoyances

Woody Leonhard, Lee Hudspeth & T.J. Lee
O'Reilly & Associates, September 1997
320 pages, £18.50
ISBN 1-56592-309-X

(Reviewed by Raza Rizvi)

There are many similarities between this book and the "Office 97 Annoyances" title from the same authors. The VBA for Excel chapters are almost word for word identical although the non-Excel-related examples have been changed. Therefore this review concentrates on the differences between the two books rather than being a complete review.

The authors begin by guiding you through making changes after the installation process, including changes to the base operating system -- such as disabling Fast Find indexing -- and there is a large section on the customisation of the toolbars for Excel.

Since Excel spreadsheets can become very large, very quickly, the authors include a handy reference to sheet navigation. The necessity to alter the command bar for anyone who wants to become proficient in the use of Excel is paramount and a great deal of effort is expended making clear how one alters the out-of-the-box version to something that is tailored to the individual user.

Since it is all too easy to end up with circular references in Excel as Microsoft imposes no worksheet philosophy upon the user, the authors stress the importance of workbook design and the means by which one can check the formulae within cells. Format manipulation of text, numbers, and formulae is outlined. Helpful time-savers such as autofill and the creation of custom lists are clearly illustrated.

As one works on spreadsheets, inevitably things need to be moved around; cell movement techniques are given the room they deserve in this book. To clarify complex formulae it is possible to give cells or groups of cells a name much like a variable name in a conventional programming language. Further, one can use the range finder feature to visually indicate which cells are acted upon by a cell formula.

VBA (Visual Basic for Applications) is covered in a long chapter.

Although there have not yet been many Excel viruses, the area of Macro virus protection begins Chapter 6 which goes on to consider how to make your spreadsheets bullet-proof, firstly by including comments or notes and also by using conditional formatting, error checking, and custom error messages.

The book covers the HTML capabilities of Excel which has a useful wizard to make it easy for you to provide web content and has some largely commonsense advice on what data you should make visible on the Internet.

If you Excel in more than a passing way, I would say that this book has something for you now and probably for something you are going to try in a few months. The authors give examples of good practice and also a fast way to learn about some of the more common 'esoteric' Excel features.

Raza Rizvi is technical support manager at REDNET, a very busy network integration company and medium-sized ISP.
