Practical UNIX and Internet Security

ISBN-10: 1565921488

ISBN-13: 9781565921481

Edition: 2nd 1996

Authors: Simson Garfinkel, Gene Spafford, Debby Russell

List price: $44.95

Practical UNIX and Internet Security includes detailed coverage of Internet security and networking issues, including World Wide Web security, wrapper and proxy programs, integrity management tools, secure programming and how to secure TCP/IP services.

Book details

List price: $44.95
Edition: 2nd
Copyright year: 1996
Publisher: O'Reilly Media, Incorporated
Publication date: 4/16/1996
Binding: Paperback
Pages: 1004
Size: 7.00" wide x 9.19" long x 2.11" tall
Weight: 3.124

Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world's premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases. Spaf, as he is widely known, has achieved numerous professional honors recognizing his teaching, his research, and his…    

Preface
Computer Security Basics
Introduction: Some Fundamental Questions
What Is Computer Security?
What Is an Operating System?
What Is a Deployment Environment?
Unix History and Lineage
History of Unix
Security and Unix
Role of This Book
Policies and Guidelines
Planning Your Security Needs
Risk Assessment
Cost-Benefit Analysis and Best Practices
Policy
Compliance Audits
Outsourcing Options
The Problem with Security Through Obscurity
Security Building Blocks
Users, Passwords, and Authentication
Logging in with Usernames and Passwords
The Care and Feeding of Passwords
How Unix Implements Passwords
Network Account and Authorization Systems
Pluggable Authentication Modules (PAM)
Users, Groups, and the Superuser
Users and Groups
The Superuser (root)
The su Command: Changing Who You Claim to Be
Restrictions on the Superuser
Filesystems and Security
Understanding Filesystems
File Attributes and Permissions
chmod: Changing a File's Permissions
The umask
SUID and SGID
Device Files
Changing a File's Owner or Group
Cryptography Basics
Understanding Cryptography
Symmetric Key Algorithms
Public Key Algorithms
Message Digest Functions
Physical Security for Servers
Planning for the Forgotten Threats
Protecting Computer Hardware
Preventing Theft
Protecting Your Data
Story: A Failed Site Inspection
Personnel Security
Background Checks
On the Job
Departure
Other People
Network and Internet Security
Modems and Dialup Security
Modems: Theory of Operation
Modems and Security
Modems and Unix
Additional Security for Modems
TCP/IP Networks
Networking
IP: The Internet Protocol
IP Security
Securing TCP and UDP Services
Understanding Unix Internet Servers and Services
Controlling Access to Servers
Primary Unix Network Services
Managing Services Securely
Putting It All Together: An Example
Sun RPC
Remote Procedure Call (RPC)
Secure RPC (AUTH_DES)
Network-Based Authentication Systems
Sun's Network Information Service (NIS)
Sun's NIS+
Kerberos
LDAP
Other Network Authentication Systems
Network Filesystems
Understanding NFS
Server-Side NFS Security
Client-Side NFS Security
Improving NFS Security
Some Last Comments on NFS
Understanding SMB
Secure Programming Techniques
One Bug Can Ruin Your Whole Day...
Tips on Avoiding Security-Related Bugs
Tips on Writing Network Programs
Tips on Writing SUID/SGID Programs
Using chroot()
Tips on Using Passwords
Tips on Generating Random Numbers
Secure Operations
Keeping Up to Date
Software Management Systems
Updating System Software
Backups
Why Make Backups?
Backing Up System Files
Software for Backups
Defending Accounts
Dangerous Accounts
Monitoring File Format
Restricting Logins
Managing Dormant Accounts
Protecting the root Account
One-Time Passwords
Administrative Techniques for Conventional Passwords
Intrusion Detection Systems
Integrity Management
The Need for Integrity
Protecting Integrity
Detecting Changes After the Fact
Integrity-Checking Tools
Auditing, Logging, and Forensics
Unix Log File Utilities
Process Accounting: The acct/pacct File
Program-Specific Log Files
Designing a Site-Wide Log Policy
Handwritten Logs
Managing Log Files
Unix Forensics
Handling Security Incidents
Discovering a Break-in
Prelude
Discovering an Intruder
Cleaning Up After the Intruder
Case Studies
Protecting Against Programmed Threats
Programmed Threats: Definitions
Damage
Authors
Entry
Protecting Yourself
Preventing Attacks
Denial of Service Attacks and Solutions
Types of Attacks
Destructive Attacks
Overload Attacks
Network Denial of Service Attacks
Computer Crime
Your Legal Options After a Break-in
Criminal Hazards
Criminal Subject Matter
Who Do You Trust?
Can You Trust Your Computer?
Can You Trust Your Suppliers?
Can You Trust People?
Appendixes
Unix Security Checklist
Unix Processes
Paper Sources
Electronic Resources
Organizations
Index