In 1991, the only thing that most Americans knew about UNIX and the Internet was that it was the venue that had been besieged by a "computer virus" in 1988. Today, more than 10 million Americans use the Internet on a regular basis to send electronic mail, cruise the World Wide Web, and even shop. In 1991, we called the Internet a "global village." Today, it is an Information Highway that's getting larger and more crowded by the minute, with millions of users from hundreds of countries on all seven continents electronically connected to each other.
And yet, despite our greater reliance on network computing, the Internet isn't a safer place today than it was in 1991. If anything, the Internet is quickly becoming the Wild West of cyberspace. Although academics and industry leaders have long known about fundamental vulnerabilities of computers connected to the Internet, these flaws have been accommodated rather than corrected. As a result, we have seen many cases within the past few years of wide-scale security infractions throughout the network; in one single case, more than 30,000 people had their passwords stolen and accounts compromised; in another, more than 20,000 credit card numbers were allegedly stolen from one company in a single unauthorized access.
Computer crime is a growing problem. One recent study by the Yankee Group, a research analysis firm, estimated that losses of productivity, customer confidence, and competitive advantage as a result of computer security breaches could cost U.S. businesses alone more than $5 billion annually. Other studies, cited in a 1995 Computer Security Institute publication, Current and Future Danger, indicated:
Another 1995 study, Computer Crime in America, reported that:
In late 1995, the magazine Information Week and the accounting firm Ernst & Young conducted a survey of major companies in America and found that more than 20 had lost more than $1 million worth of information as a result of a security lapse in the previous two years. The survey also found that more than 80% had a full-time information security director, and nearly 70% thought that the computer security threat to companies had increased within the past five years.
What do all of these numbers mean for UNIX ? Because of the widespread use of UNIX as the operating system of choice on the Internet, and its prevalence in client/server environments, it is undoubtedly the case that many UNIX machines were involved in these incidents. Because of its continuing use in these environments, UNIX may be involved in the majority of incidents yet to come-the statistics and trends are disturbing. We hope that this new edition of our book helps limit the scope and number of these new incidents.
When the first version of this book appeared in 1991, many people thought that the words " UNIX security" were an oxymoron-two words that appeared to contradict each other, much like the words "jumbo shrimp" or "Congressional action." After all, the ease with which a UNIX guru could break into a system, seize control, and wreak havoc was legendary in the computer community. Some people couldn't even imagine that a computer running UNIX could be made secure.
Since then, the whole world of computers has changed. These days, many people regard UNIX as a relatively secure operating system...at least, they use UNIX as if it were. Today, UNIX is used by millions of people and many thousands of organizations around the world, all without obvious major mishap. And while UNIX was not designed with military-level security in mind, it was built both to withstand limited external attacks and to protect users from the accidental or malicious actions of other users on the system. Years of constant use and study have made the operating system even more secure, because most of the UNIX security faults are publicized and fixed.
But the truth is, UNIX really hasn't become significantly more secure with its increase in popularity. That's because fundamental flaws still remain in the interaction of the operating system's design and its uses. The UNIX superuser remains a single point of attack: any intruder or insider who can become the UNIX superuser can take over the system, booby-trap its programs, and hold the computer's users hostage-sometimes even without their knowledge.
One thing that has improved is our understanding of how to keep a computer relatively secure. In recent years, a wide variety of tools and techniques have been developed with the single goal of helping system administrators secure their UNIX computers. Another thing that's changed is the level of understanding of UNIX by system administrators: now it is relatively easy for companies and other organizations to hire a professional system manager who will be concerned about computer security and make it a top priority.
This book can help.
This book is a practical guide to UNIX security. For users, we explain what computer security is, describe some of the dangers that you may face, and tell you how to keep your data safe and sound. For administrators, we explain in greater detail how UNIX security mechanisms work and tell how to configure and administer your computer for maximum protection. For everybody, we try to teach something about UNIX 's internals, its history, and how to keep yourself from getting burned.
Is this book for you? Probably. If you administer a UNIX system, you will find many tips for running your computer more securely. Even if you're a casual user of a UNIX system, you should read this book. If you are a complete novice at UNIX , you will benefit from reading this book, because it contains a thorough overview of the UNIX operating system in general. You don't want to stay a UNIX novice forever! (But you might want to read some other O'Reilly books first; consult Appendix D, Paper Sources , for some suggestions.)
What we've done here has been to collect helpful information concerning how to secure your UNIX system against threats, both internal and external. Most of the material is intended for a UNIX system administrator or manager. In most cases, we've presented material and commands without explaining in any detail how they work, and in several cases we've simply pointed out the nature of the commands and files that need to be examined; we've assumed that a typical system administrator is familiar with the commands and files of his or her system, or at least has the manuals available to study.
Certain key parts of this book were written in greater detail than the rest, with a novice user in mind. We have done this for two reasons: to be sure that important UNIX security concepts are presented to the fullest and to make important sections (such as the ones on file permissions and passwords) readable on their own. That way, this book can be passed around with a note saying, "Read Chapter 3, Users and Passwords to learn about how to set passwords."
This book is not intended to be a UNIX tutorial. Neither is this book a system administration tutorial-there are better books for that, and good system administrators need to know about much more than security. Use this book as an adjunct to tutorials and administration guides.
This book is also not a general text on computer security-we've tried to keep the formalisms to a minimum. Thus, this is not a book that is likely to help you design new security mechanisms for UNIX , although we have included a chapter on how to write more secure programs.
We've also tried to minimize the amount of information in this book that would be useful to people trying to break into computer systems. If that is your goal, then this book probably isn't for you.
We have also tried to resist the temptation to suggest:
The reason has to do with our definition of practical . For security measures to be effective, they need to be generally applicable. Most users of commercial systems do not have access to the source code, and many don't even have access to compilers for their systems. Public domain sources for some replacement commands are unlikely to have support for the special features different vendors add to their systems. If we were to suggest changes, they might not be applicable to every platform of interest.
There is also a problem associated with managing wide-scale changes. Not only may changes make the system more difficult to maintain, but changes may be impossible to manage across dozens of architectures in different locations and configurations. They also will make vendor maintenance more difficult-how can vendors respond to bug reports for software that they didn't provide?
Last of all, we have seen many programs and suggested fixes posted on the Internet that are incorrect or even dangerous. Many administrators of commercial and academic systems do not have the necessary expertise to evaluate the overall security impact of changes to their system's kernel, architecture, or commands. If you routinely download and install third-party patches and programs to improve your system's security, your overall security may well be worse in the long term.
For all of these reasons, our emphasis is on using tools provided with your operating systems. Where there are exceptions to this rule, we will explain our reasoning.