Practical Unix & Internet Security, 3rd Edition
When Practical Unix Security was first published more than a decade ago,
it became an instant classic. Crammed with information about host security, it
saved many a Unix system administrator from disaster. The second edition added
much-needed Internet security coverage and doubled the size of the original volume.
The third edition is a comprehensive update of this very popular book - a companion
for the Unix/Linux system administrator who needs to secure his or her organization's
system, networks, and web presence in an increasingly hostile world.
Focusing on the four most popular Unix variants today--Solaris, Mac OS X, Linux,
and FreeBSD--this book contains new information on PAM (Pluggable Authentication
Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless
and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners
and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security
levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms,
and much more.
Practical Unix & Internet Security consists of six parts:
- Computer security basics: introduction to security problems and solutions,
Unix history and lineage, and the importance of security policies as a basic
element of system security.
- Security building blocks: fundamentals of Unix passwords, users, groups,
the Unix filesystem, cryptography, physical security, and personnel security.
- Network security: a detailed look at modem and dialup security, TCP/IP,
securing individual network services, Sun's RPC, various host and network
authentication systems (e.g., NIS, NIS+, and Kerberos), NFS and other filesystems,
and the importance of secure programming.
- Secure operations: keeping up to date in today's changing security world,
backups, defending against attacks, performing integrity management, and auditing.
- Handling security incidents: discovering a break-in, dealing with programmed
threats and denial of service attacks, and legal aspects of computer security.
- Appendixes: a comprehensive security checklist and a detailed bibliography
of paper and electronic references for further reading and research.
Packed with 1000 pages of helpful text, scripts, checklists, tips, and warnings,
this third edition remains the definitive reference for Unix administrators
and anyone who cares about protecting their systems and data from today's threats.
Table of Contents
Preface
Part I. Computer Security Basics
1. Introduction: Some Fundamental Questions
What Is Computer Security?
What Is an Operating System?
What Is a Deployment Environment?
2. Unix History and Lineage
History of Unix
Security and Unix
Role of This Book
3. Policies and Guidelines
Planning Your Security Needs
Risk Assessment
Cost-Benefit Analysis and Best Practices
Policy
Compliance Audits
Outsourcing Options
The Problem with Security Through Obscurity
Part II. Security Building Blocks
4. Users, Passwords, and Authentication
Logging in with Usernames and Passwords
The Care and Feeding of Passwords
How Unix Implements Passwords
Network Account and Authorization Systems
Pluggable Authentication Modules (PAM)
5. Users, Groups, and the Superuser
Users and Groups
The Superuser (root)
The su Command: Changing Who You Claim to Be
Restrictions on the Superuser
6. Filesystems and Security
Understanding Filesystems
File Attributes and Permissions
chmod: Changing a File's Permissions
The umask
SUID and SGID
Device Files
Changing a File's Owner or Group
7. Cryptography Basics
Understanding Cryptography
Symmetric Key Algorithms
Public Key Algorithms
Message Digest Functions
8. Physical Security for Servers
Planning for the Forgotten Threats
Protecting Computer Hardware
Preventing Theft
Protecting Your Data
Story: A Failed Site Inspection
9. Personnel Security
Background Checks
On the Job
Departure
Other People
Part III. Network and Internet Security
10. Modems and Dialup Security
Modems: Theory of Operation
Modems and Security
Modems and Unix
Additional Security for Modems
11. TCP/IP Networks
Networking
IP: The Internet Protocol
IP Security
12. Securing TCP and UDP Services
Understanding Unix Internet Servers and Services
Controlling Access to Servers
Primary Unix Network Services
Managing Services Securely
Putting It All Together: An Example
13. Sun RPC
Remote Procedure Call (RPC)
Secure RPC (AUTH_DES)
14. Network-Based Authentication Systems
Sun's Network Information Service (NIS)
Sun's NIS+
Kerberos
LDAP
Other Network Authentication Systems
15. Network Filesystems
Understanding NFS
Server-Side NFS Security
Client-Side NFS Security
Improving NFS Security
Some Last Comments on NFS
Understanding SMB
16. Secure Programming Techniques
One Bug Can Ruin Your Whole Day . . .
Tips on Avoiding Security-Related Bugs
Tips on Writing Network Programs
Tips on Writing SUID/SGID Programs
Using chroot( )
Tips on Using Passwords
Tips on Generating Random Numbers
Part IV. Secure Operations
17. Keeping Up to Date
Software Management Systems
Updating System Software
18. Backups
Why Make Backups?
Backing Up System Files
Software for Backups
19. Defending Accounts
Dangerous Accounts
Monitoring File Format
Restricting Logins
Managing Dormant Accounts
Protecting the root Account
One-Time Passwords
Administrative Techniques for Conventional Passwords
Intrusion Detection Systems
20. Integrity Management
The Need for Integrity
Protecting Integrity
Detecting Changes After the Fact
Integrity-Checking Tools
21. Auditing, Logging, and Forensics
Unix Log File Utilities
Process Accounting: The acct/pacct File
Program-Specific Log Files
Designing a Site-Wide Log Policy
Handwritten Logs
Managing Log Files
Unix Forensics
Part V. Handling Security Incidents
22. Discovering a Break-in
Prelude
Discovering an Intruder
Cleaning Up After the Intruder
Case Studies
23. Protecting Against Programmed Threats
Programmed Threats: Definitions
Damage
Authors
Entry
Protecting Yourself
Preventing Attacks
24. Denial of Service Attacks and Solutions
Types of Attacks
Destructive Attacks
Overload Attacks
Network Denial of Service Attacks
25. Computer Crime
Your Legal Options After a Break-in
Criminal Hazards
Criminal Subject Matter
26. Who Do You Trust?
Can You Trust Your Computer?
Can You Trust Your Suppliers?
Can You Trust People?
Part VI. Appendixes
A. Unix Security Checklist
B. Unix Processes
C. Paper Sources
D. Electronic Resources
E. Organizations
Index
Customer Reviews
Aug 11, 2004, Jason DePriest from Memphis, TN
The best data security book I've ever read
This book is hands down the most informative, useful, and broad-scoped security book I've ever read. I was reading it like it was a novel. I couldn't wait to see what was next. It is full of cover-to-cover useful information from writing security policies to detailed descriptions of vulnerabilities to configuring secure systems. Even if you are a Windows dude who can barely spell Unix, you should read this book; the good advice is universal. Buy this book. If you can find the 2nd edition, buy it, too.