Solaris 10 Security Essentials (Solaris System Administration) [Paperback]

As I mentioned in my review of Solaris 10 System Administration Essentials, I bought the two books together. I read the other book first and was disappointed by the hand-waving treatment of important topics and sometimes outdated concepts. I also felt misled by the author attribution. While it was my mistake to infer Sun engineers had written the book, "Solaris System Engineers" still misrepresents many of that book's contributors. If I had written that content and dared call myself a system engineer, I'd imagine my employer would want to know what I mean by that phrase, followed by a quiet resignation.

Thankfully, this book is quite different. It is, for starters, attributed to "Sun Microsystems Security Engineers" and there's no mistaking that by the quality of the content. The first two chapters present exactly what I think such a volume should include, namely, a motivation for the subject and an example-driven overview of all the aspects of security that enter into administering this operatiing system. These chapters are simple, clear, and set a solid foundation that makes the sometimes-dry content to follow easier to digest.

The chapters that follow could be longer, but I think the content mostly delivers on the "essentials" idea. The treatments aren't comprehensive, but they're enough to get started in several areas and explore what the Solaris tools make possible. Chapter 3, "System Protection with SMF," highlights a few aspects of Solaris' Service Management Facility that are often overlooked, and provides useful examples the reader can work through. I also liked Chapter 5, "Privileges and Role-Based Access Control," despite the 4-5 unnecessary screen shots of Solaris Management Console. This topic often gets mired in half-finished explanations of the configuration components. Here the roles of these components are laid out in a deliberate, patient manner that makes it easier to connect the dots.

Most software engineers are not great writers. The easiest thing for many of them to do, it seems, is to transliterate from design documents and/or code to an exposition of features and possibly how they are implemented. Some chapters follow that dull, dry pattern. A beginner, grateful for any kind of help, might not mind. But an editor who insists the writer dig deeper for the intended audience would have helped a lot here. A detail-heavy topic like Chapter 10, "Solaris 10 Network Security," tends to suffer from too much show and not enough tell. The imbalance is strongest in Chapter 8, "Key Management Framework," which is all of nine pages -- closer to "skeletal" than "essential" but oh well. In fact, if you read in order, starting with Chapter 6, "Pluggable Authentication Modules (PAM)" and Chapter 7, "Solaris Cryptographic Framework," you can almost hear the breathing get more labored as you go. The going generally gets tougher to the end. The last chapter, "Configuring and Using Trusted Extensions," is welcome relief from that trend, but it would also benefit from a discussion that motivates the reader: is it potentially useful? How? If it's merely cool to a lot of users, that's ok to me, but please do tell me what fun I'm missing.

Overall, the information provided in this book is strong and useful. It is certainly more accessible than a lot of existing documentation. On price: if I could save $15 or more by printing the PDF of the book, I would happily live without the binding and the nice cover. With that in mind, I wouldn't pay retail for this book, which I find a shade too thin.

Just as it says on the cover, it's essential. I've had it for a couple days and now I can't live without it. It's answered so many nagging questions. Yay Solaris!