Practical Unix & Internet Security, 3rd Edition
Format: PDF / Kindle (mobi) / ePub
When Practical Unix Security was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book - a companion for the Unix/Linux system administrator who needs to secure his or her organization's system, networks, and web presence in an increasingly hostile world.

Focusing on the four most popular Unix variants today--Solaris, Mac OS X, Linux, and FreeBSD--this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms, and much more.

Practical Unix & Internet Security consists of six parts:
- Computer security basics: introduction to security problems and solutions, Unix history and lineage, and the importance of security policies as a basic element of system security.
- Security building blocks: fundamentals of Unix passwords, users, groups, the Unix filesystem, cryptography, physical security, and personnel security.
- Network security: a detailed look at modem and dialup security, TCP/IP, securing individual network services, Sun's RPC, various host and network authentication systems (e.g., NIS, NIS+, and Kerberos), NFS and other filesystems, and the importance of secure programming.
- Secure operations: keeping up to date in today's changing security world, backups, defending against attacks, performing integrity management, and auditing.
- Handling security incidents: discovering a break-in, dealing with programmed threats and denial of service attacks, and legal aspects of computer security.
- Appendixes: a comprehensive security checklist and a detailed bibliography of paper and electronic references for further reading and research.
Packed with 1000 pages of helpful text, scripts, checklists, tips, and warnings, this third edition remains the definitive reference for Unix administrators and anyone who cares about protecting their systems and data from today's threats.
Unclassified information could all coexist on the same computer: the Multics system was designed to prevent information that had been classified at one level from finding its way into the hands of someone who had not been cleared to see that information. Multics eventually provided a level of security and service that is still unequaled by many of today’s computer systems—including, perhaps, Unix. Great plans, but in 1969 the Multics project was far behind schedule. Its creators had promised far
responsible for the protection of all information and information-processing capabilities belonging to Big Whammix, whether located on company property or not. He will have authority to act commensurate with this responsibility, with the approval of the President of Big Whammix. The CIH shall formulate appropriate standards and guidelines, according to good business practice, to ensure the protection and continued operation of information processing. In this example policy, note particularly the
user’s account is created. Groups can be used by the system administrator to designate sets of users who are allowed to read, write, and/or execute specific files, directories, or devices. Each user belongs to a primary group that is stored in the /etc/passwd file. The GID of the user’s primary group follows the user’s UID. Historically, every Unix user was
although this does not work under every version of Unix. With some versions of rm, an empty option is a single hyphen. On others, it’s a double hyphen:

    % rm - -foo
    % rm -- -foo

If you have a file that has control characters in it, you can use the rm command with the -i option and an asterisk, which gives you the option of removing each file in the directory—even the ones that you can’t type.

    % rm -i *
    rm: remove faq.html (y/n)? n
    rm: remove foo (y/n)? y
    %

The -i option may also be helpful when
sample message was encrypted with the DES algorithm, which has a 56-bit key. Each bit in the 56-bit key can be a 1 or a 0. As a result, there are 2^56—that is, 72,057,594,037,900,000—different keys. Although this may seem like a lot of keys, it really isn’t. If you could try a billion keys each second and could recognize the correct key when you found it (quite possible with a network of modern computers), you could try all possible keys in a little less than 834 days. And, in fact, DES is even