Practical Unix and Internet Security, 2nd Edition

This book is just what I was looking for. Excellent security guide to day-to-day security issues at my workplace. Information about TCP and UDP ports and their security risks has been very useful. This book must be part of every UNIX System Security Professional.

Author(s): Simson Garfinkel, Gene Spafford PH.D.
Edition: Second Edition
Publisher: O'Reilly Media
Year: 1996

Language: English
Pages: 1032

Practical UNIX & Internet Security......Page 1
Index......Page 3
[Chapter 12] 12.3 Protecting Data......Page 167
[Chapter 16] TCP/IP Networks......Page 176
[Chapter 7] Backups......Page 180
[Chapter 5] 5.2 Using File Permissions......Page 192
[Chapter 17] 17.3 Primary UNIX Network Services......Page 201
[Chapter 15] UUCP......Page 229
[Chapter 5] The UNIX Filesystem......Page 234
[Chapter 19] 19.4 Sun's Network Information Service (NIS)......Page 242
[Chapter 11] 11.5 Protecting Yourself......Page 249
[Chapter 18] 18.2 Running a Secure Server......Page 258
[Chapter 20] 20.2 Server-Side NFS Security......Page 267
[Chapter 19] 19.5 Sun's NIS+......Page 272
[Chapter 26] 26.4 Other Liability......Page 279
[Chapter 1] 1.4 Security and UNIX......Page 286
[Chapter 2] Policies and Guidelines......Page 291
[Chapter 17] 17.2 Controlling Access to Servers......Page 295
[Chapter 13] 13.2 On the Job......Page 297
[Chapter 12] 12.2 Protecting Computer Hardware......Page 301
[Chapter 8] Defending Your Accounts......Page 315
[Chapter 15] 15.4 Security in Version 2 UUCP......Page 324
[Chapter 18] 18.3 Controlling Access to Files on Your Server......Page 331
[Chapter 23] 23.2 Tips on Avoiding Security-related Bugs......Page 337
[Chapter 10] 10.3 Program-Specific Log Files......Page 345
[Chapter 18] 18.4 Avoiding the Risks of Eavesdropping......Page 350
[Chapter 10] 10.2 The acct/pacct Process Accounting File......Page 352
[Chapter 3] Users and Passwords......Page 355
[Chapter 8] 8.8 Administrative Techniques for Conventional Passwords......Page 358
[Chapter 8] 8.4 Managing Dormant Accounts......Page 367
[Chapter 8] 8.7 One-Time Passwords......Page 371
[Chapter 24] 24.4 Cleaning Up After the Intruder......Page 378
[Appendix A] UNIX Security Checklist......Page 382
[Chapter 3] 3.6 The Care and Feeding of Passwords......Page 403
[Chapter 3] 3.3 Entering Your Password......Page 409
[Chapter 10] 10.7 Handwritten Logs......Page 411
[Chapter 4] Users, Groups, and the Superuser......Page 415
[Chapter 16] 16.2 IPv4: The Internet Protocol Version 4......Page 422
[Appendix F] Organizations......Page 437
[Chapter 19] 19.3 Secure RPC (AUTH_DES)......Page 442
[Appendix C] C.4 The kill Command......Page 448
[Chapter 15] 15.7 Early Security Problems with UUCP......Page 450
[Chapter 6] 6.4 Common Cryptographic Algorithms......Page 452
[Appendix F] F.3 Emergency Response Organizations......Page 466
[Chapter 8] 8.5 Protecting the root Account......Page 476
[Chapter 11] Protecting Against Programmed Threats......Page 479
[Chapter 9] 9.2 Detecting Change......Page 488
[Chapter 14] 14.6 Additional Security for Modems......Page 495
[Chapter 14] 14.3 The RS-232 Serial Protocol......Page 497
[Chapter 14] 14.5 Modems and UNIX......Page 501
[Chapter 16] 16.3 IP Security......Page 508
[Chapter 7] 7.4 Software for Backups......Page 513
[Chapter 1] 1.3 History of UNIX......Page 518
[Chapter 2] 2.2 Risk Assessment......Page 525
[Chapter 2] 2.5 The Problem with Security Through Obscurity......Page 529
[Chapter 19] 19.2 Sun's Remote Procedure Call (RPC)......Page 533
[Chapter 25] 25.2 Overload Attacks......Page 537
[Chapter 23] 23.8 Picking a Random Seed......Page 548
[Chapter 4] 4.3 su: Changing Who You Claim to Be......Page 551
[Chapter 10] Auditing and Logging......Page 557
[Chapter 23] 23.3 Tips on Writing Network Programs......Page 566
[Chapter 3] 3.2 Passwords......Page 569
[Chapter 19] 19.6 Kerberos......Page 574
[Chapter 6] 6.5 Message Digests and Digital Signatures......Page 583
[Chapter 23] 23.5 Tips on Using Passwords......Page 589
[Chapter 2] 2.4 Policy......Page 591
[Chapter 11] 11.3 Authors......Page 597
[Chapter 7] 7.3 Backing Up System Files......Page 599
[Chapter 15] 15.6 Additional Security Concerns......Page 602
[Chapter 6] 6.2 What Is Encryption?......Page 604
[Chapter 27] Who Do You Trust?......Page 607
[Chapter 13] Personnel Security......Page 612
[Chapter 3] 3.4 Changing Your Password......Page 615
[Chapter 9] Integrity Management......Page 617
[Chapter 24] 24.2 Discovering an Intruder......Page 623
[Chapter 26] 26.2 Criminal Prosecution......Page 632
[Chapter 24] 24.5 An Example......Page 640
[Chapter 7] 7.2 Sample Backup Strategies......Page 643
[Chapter 10] 10.8 Managing Log Files......Page 649
[Chapter 6] 6.6 Encryption Programs Available for UNIX......Page 651
[Chapter 21] Firewalls......Page 664
[Chapter 14] Telephone Security......Page 675
[Chapter 10] 10.6 Swatch: A Log File Tool......Page 677
[Chapter 14] 14.4 Modems and Security......Page 681
[Chapter 8] 8.6 The UNIX Encrypted Password System......Page 687
[Chapter 17] TCP/IP Services......Page 691
[Chapter 5] 5.6 Device Files......Page 696
[Chapter 15] 15.5 Security in BNU UUCP......Page 699
[Appendix C] C.5 Starting Up UNIX and Logging In......Page 706
[Chapter 26] Computer Security and U.S. Law......Page 709
[Chapter 24] Discovering a Break-in......Page 711
[Chapter 24] 24.7 Damage Control......Page 714
[Chapter 24] 24.6 Resuming Operation......Page 715
[Chapter 25] 25.3 Network Denial of Service Attacks......Page 717
[Preface] Which UNIX System?......Page 721
[Appendix D] Paper Sources......Page 725
[Appendix C] UNIX Processes......Page 736
[Appendix B] B.3 SUID and SGID Files......Page 743
[Chapter 1] Introduction......Page 750
[Chapter 23] Writing Secure SUID and Network Programs......Page 754
[Chapter 27] 27.2 Can You Trust Your Suppliers?......Page 759
[Appendix E] Electronic Resources......Page 765
Preface......Page 770
[Chapter 25] Denial of Service Attacks and Solutions......Page 775
[Chapter 2] 2.3 Cost-Benefit Analysis......Page 777
[Chapter 6] 6.7 Encryption and U.S. Law......Page 781
[Chapter 5] 5.5 SUID......Page 784
[Chapter 5] 5.9 Oddities and Dubious Ideas......Page 791
[Appendix E] E.4 Software Resources......Page 794
[Chapter 27] 27.3 Can You Trust People?......Page 801
[Chapter 18] WWW Security......Page 805
[Chapter 9] 9.3 A Final Note......Page 808
[Chapter 15] 15.2 Versions of UUCP......Page 809
[Chapter 8] 8.2 Monitoring File Format......Page 811
[Chapter 5] 5.8 chgrp: Changing a File's Group......Page 812
[Appendix C] C.2 Creating Processes......Page 814
[Chapter 8] 8.3 Restricting Logins......Page 816
[Chapter 5] 5.7 chown: Changing a File's Owner......Page 818
[Chapter 23] 23.4 Tips on Writing SUID/SGID Programs......Page 820
[Chapter 26] 26.3 Civil Actions......Page 822
[Appendix E] E.3 WWW Pages......Page 824
[Chapter 18] 18.6 Dependence on Third Parties......Page 826
[Chapter 10] 10.5 The UNIX System Log (syslog) Facility......Page 828
[Chapter 6] Cryptography......Page 835
[Chapter 10] 10.4 Per-User Trails in the Filesystem......Page 839
[Chapter 11] 11.2 Damage......Page 841
[Chapter 1] 1.2 What Is an Operating System?......Page 842
[Chapter 19] 19.7 Other Network Authentication Systems......Page 844
[Chapter 16] 16.4 Other Network Protocols......Page 846
[Chapter 5] 5.4 Using Directory Permissions......Page 848
[Chapter 1] 1.5 Role of This Book......Page 851
[Chapter 23] 23.7 UNIX Pseudo-Random Functions......Page 853
[Chapter 11] 11.6 Protecting Your System......Page 855
[Chapter 12] 12.4 Story: A Failed Site Inspection......Page 858
[Chapter 13] 13.3 Outsiders......Page 861
[Chapter 6] 6.3 The Enigma Encryption System......Page 862
[Chapter 17] 17.4 Security Implications of Network Services......Page 865
[Chapter 4] 4.2 Special Usernames......Page 868
[Chapter 20] NFS......Page 873
[Chapter 15] 15.3 UUCP and Security......Page 884
[Chapter 21] 21.4 Setting Up the Gate......Page 887
[Chapter 21] 21.5 Special Considerations......Page 893
[Appendix G] Table of IP Services......Page 895
[Chapter 22] 22.5 UDP Relayer......Page 904
[Chapter 20] 20.4 Improving NFS Security......Page 905
[Chapter 15] 15.8 UUCP Over Networks......Page 911
[Chapter 23] 23.6 Tips on Generating Random Numbers......Page 912
[Chapter 5] 5.3 The umask......Page 914
[Chapter 23] 23.9 A Good Random Seed Generator......Page 917
[Chapter 12] Physical Security......Page 920
[Chapter 17] 17.6 Network Scanning......Page 923
[Chapter 24] 24.3 The Log Files: Discovering an Intruder's Tracks......Page 925
[Chapter 18] 18.5 Risks of Web Browsers......Page 927
[Chapter 22] 22.4 SOCKS......Page 930
[Chapter 20] 20.3 Client-Side NFS Security......Page 938
[Appendix F] F.2 U. S. Government Organizations......Page 940
[Chapter 17] 17.5 Monitoring Your Network with netstat......Page 942
[Chapter 17] 17.7 Summary......Page 944
[Chapter 19] RPC, NIS, NIS+, and Kerberos......Page 945
[Chapter 11] 11.4 Entry......Page 948
[Chapter 3] 3.7 One-Time Passwords......Page 950
[Chapter 3] 3.5 Verifying Your New Password......Page 951
[Chapter 3] 3.8 Summary......Page 954
[Chapter 21] 21.2 Building Your Own Firewall......Page 955
[Appendix D] D.2 Security Periodicals......Page 959
[Chapter 18] 18.7 Summary......Page 962
[Chapter 14] 14.2 Serial Interfaces......Page 963
[Appendix C] C.3 Signals......Page 965
[Chapter 16] 16.5 Summary......Page 968
[Chapter 27] 27.4 What All This Means......Page 969
[Chapter 5] 5.10 Summary......Page 970
[Appendix E] E.2 Usenet Groups......Page 971
[Chapter 15] 15.9 Summary......Page 973
[Preface] Scope of This Book......Page 974
[Preface] Conventions Used in This Book......Page 978
[Preface] Online Information......Page 980
[Preface] Acknowledgments......Page 981
[Preface] Comments and Questions......Page 984
[Preface] A Note to Computer Crackers......Page 985
[Part I] Computer Security Basics......Page 986
[Part II] User Responsibilities......Page 987
[Chapter 4] 4.4 Summary......Page 988
[Part III] System Security......Page 989
[Part IV] Network and Internet Security......Page 990
[Chapter 20] 20.5 Some Last Comments......Page 991
[Part V] Advanced Topics......Page 994
[Chapter 22] Wrappers and Proxies......Page 995
[Chapter 21] 21.3 Example: Cisco Systems Routers as Chokes......Page 997
[Chapter 21] 21.6 Final Comments......Page 1002
[Chapter 22] 22.2 sendmail (smap/smapd) Wrapper......Page 1005
[Chapter 22] 22.3 tcpwrapper......Page 1010
[Chapter 22] 22.6 Writing Your Own Wrappers......Page 1019
[Part VI] Handling Security Incidents......Page 1023
[Part VII] Appendixes......Page 1024
[Appendix B] Important Files......Page 1025
[Appendix B] B.2 Important Files in Your Home Directory......Page 1032