Practical Unix & Internet Security, 3rd Edition
Format: PDF / Kindle (mobi) / ePub
When Practical Unix Security was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book - a companion for the Unix/Linux system administrator who needs to secure his or her organization's system, networks, and web presence in an increasingly hostile world.Focusing on the four most popular Unix variants today--Solaris, Mac OS X, Linux, and FreeBSD--this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms, and much more.Practical Unix & Internet Security consists of six parts:
- Computer security basics: introduction to security problems and solutions, Unix history and lineage, and the importance of security policies as a basic element of system security.
- Security building blocks: fundamentals of Unix passwords, users, groups, the Unix filesystem, cryptography, physical security, and personnel security.
- Network security: a detailed look at modem and dialup security, TCP/IP, securing individual network services, Sun's RPC, various host and network authentication systems (e.g., NIS, NIS+, and Kerberos), NFS and other filesystems, and the importance of secure programming.
- Secure operations: keeping up to date in today's changing security world, backups, defending against attacks, performing integrity management, and auditing.
- Handling security incidents: discovering a break-in, dealing with programmed threats and denial of service attacks, and legal aspects of computer security.
- Appendixes: a comprehensive security checklist and a detailed bibliography of paper and electronic references for further reading and research.
Packed with 1000 pages of helpful text, scripts, checklists, tips, and warnings, this third edition remains the definitive reference for Unix administrators and anyone who cares about protecting their systems and data from today's threats.
into six parts; it includes 26 chapters and 5 appendixes. Part I, Computer Security Basics, provides a basic introduction to computer security, the Unix operating system, and security policy. The chapters in this book are designed to be accessible to both users and administrators. * Articles about current security tools, with detailed configuration information, appear regularly on the O’Reilly web site and the O’Reilly Network, as well as on a variety of security-related sites. In addition, see
“Buy this book and save on aspirin.” — Cliff Stoll, author of The Cuckoo’s Egg and Silicon Snake Oil “This is exactly the type of practical, easy to follow book that system administrators need to stay one step ahead of the system crackers—if you have time to read only one security book, this should be it.” — Kevin J. Ziese, Captain, United States Air Force; Chief, Countermeasures Development, AF Information Warfare Center “An important part of any system administrator’s bookshelf.” — Alec
computer worms, viruses, Trojan Horses, and other programmed threats. • Chapter 24, Denial of Service Attacks and Solutions, describes ways that both authorized users and attackers can make your system inoperable. We also explore ways that you can find out who is doing what, and what to do about it. • Chapter 25, Computer Crime. Occasionally, the only thing you can do is sue or try to have your attackers thrown in jail. This chapter describes legal recourse you may have after a security breach
up. Once a process gives up a capability, it cannot regain that capability unless it gets a copy of the capability from another process that was Restrictions on the Superuser | This is the Title of the Book, eMatter Edition Copyright © 2011 O’Reilly & Associates, Inc. All rights reserved. 119 similarly endowed. At startup, the init process generates all of the capabilities that the operating system requires for its use. As processes start their operations, they shed unneeded capabilities. In
cryptographic filesystems that encipher all the data stored on them to protect confidentiality. UFS and the Fast File System The original Unix File System (UFS) pioneered many of the concepts that are widespread in filesystems today. UFS allowed files to contain any number of bytes, rather than forcing the file to be blocked into “records.” UFS was also one of the very first tree-structured filesystems: instead of having several drives or volumes, each with its own set of directories, UFS