Scope of This Book

This book is divided into six parts; it includes 27 chapters and 7 appendixes.

Part I, Computer Security Basics, provides a basic introduction to security policy. The chapters are written to be accessible to both users and administrators.

Chapter 1, Introduction, provides a history of the UNIX operating system and an introduction to UNIX security. It also introduces basic terms we use throughout the book.

Chapter 2, Policies and Guidelines, examines the role of setting good policies to guide protection of your systems. It also describes the trade-offs that must be made to account for cost, risk, and corresponding benefits.

Part II, User Responsibilities, provides a basic introduction to UNIX host security. The chapters are written to be accessible to both users and administrators.

Chapter 3 is about UNIX user accounts. It discusses the purpose of passwords, explains what makes good and bad passwords, and describes how the crypt() password encryption system works.

Chapter 4, Users, Groups, and the Superuser, describes how UNIX groups can be used to control access to files and devices. It also discusses the UNIX superuser and the role that special users play.

Chapter 5, The UNIX Filesystem, discusses the security provisions of the UNIX filesystem and tells how to restrict access to files and directories to the file's owner, to a group of people, or to everybody on the computer system.

Chapter 6, Cryptography, discusses the role of encryption and message digests in your security. It includes a discussion of several popular encryption schemes, including the PGP mail package.

Part III, System Security, is directed primarily towards the UNIX system administrator. It describes how to configure UNIX on your computer to minimize the chances of a break-in, as well as to limit the opportunities for a nonprivileged user to gain superuser access.

Chapter 7, Backups, discusses how and why to make archival backups of your storage. It includes discussions of backup strategies for different types of organizations.

Chapter 8, Defending Your Accounts, describes ways that a computer cracker might try to initially break into your computer system. By knowing these "doors" and closing them, you increase the security of your system.

Chapter 9, Integrity Management, discusses how to monitor your filesystem for unauthorized changes. This includes coverage of the use of message digests and read-only disks, and the configuration and use of the Tripwire utility.

Chapter 10, Auditing and Logging, discusses the logging mechanisms that UNIX provides to help you audit the usage and behavior of your system.

Chapter 11, Protecting Against Programmed Threats, is about computer viruses, worms, and Trojan horses. This chapter contains detailed tips that you can use to protect yourself from these electronic vermin.

Chapter 12, Physical Security. What if somebody gets frustrated by your super-secure system and decides to smash your computer with a sledgehammer? This chapter describes physical perils that face your computer and its data and discusses ways of protecting them.

Chapter 13, Personnel Security, examines concerns about who you employ and how they fit into your overall security scheme.

Part IV, Network and Internet Security, is about the ways in which individual UNIX computers communicate with one another and the outside world, and the ways that these systems can be subverted by attackers to break into your computer system. Because many attacks come from the outside, this part of the book is vital reading for anyone whose computer has outside connections.

Chapter 14, Telephone Security, describes how modems work and provides step-by-step instructions for testing your computer's modems to see if they harbor potential security problems.

Chapter 15, UUCP, is about the UNIX-to-UNIX copy system, which can use standard phone lines to copy files, transfer electronic mail, and exchange news. This chapter explains how UUCP works and tells you how to make sure that it can't be subverted to damage your system.

Chapter 16, TCP/IP Networks, provides background on how TCP/IP networking programs work and describes the security problems they pose.

Chapter 17, TCP/IP Services, discusses the common IP network services found on UNIX systems, coupled with common problems and pitfalls.

Chapter 18, WWW Security, describes some of the issues involved in running a World Wide Web server without opening your system to security problems. The issues discussed here should also be borne in mind when operating any other kind of network-based information server.

Chapter 19, RPC, NIS, NIS+, and Kerberos, discusses a variety of network information services. It covers some of how they work, and common pitfalls.

Chapter 20, NFS, describes how Sun Microsystems' Network Filesystem works and its potential security problems.

Part V, Advanced Topics, discusses issues that arise when organizational networks are interconnected with the Internet. It also covers ways of increasing your security through better programming.

Chapter 21, Firewalls, describes how to set up various types of firewalls to protect an internal network from an external attacker.

Chapter 22, Wrappers and Proxies, describes a few common wrapper and proxying programs to help protect your machine and the programs within it without requiring access to source code.

Chapter 23, Writing Secure SUID and Network Programs, describes common pitfalls when writing your own software. It gives tips on how to write robust software that will resist attack from malicious users.

Part VI, Handling Security Incidents, contains instructions about what to do if your computer's security is compromised. This part of the book will also help system administrators protect their systems from authorized users who are misusing their privileges.

Chapter 24, Discovering a Break-in, contains step-by-step directions to follow if you discover that an unauthorized person is using your computer.

Chapter 25, Denial of Service Attacks and Solutions, describes ways that legitimate, authorized users can make your system inoperable, ways that you can find out who is doing what, and what to do about it.

Chapter 26, Computer Security and U.S. Law. Occasionally the only thing you can do is sue or try to have your attackers thrown into jail. This chapter describes the legal recourse you may have after a security breach and discusses why legal approaches are often not helpful. It also covers some emerging concerns about running server sites connected to a wide area network such as the Internet.

Chapter 27, Who Do You Trust?, is the concluding chapter. It makes the point that somewhere along the line you need to trust a few things, and people. However, are you trusting the right ones?

Part VII, Appendixes, contains a number of useful lists and references.

Appendix A, UNIX Security Checklist, contains a point-by-point list of many of the suggestions made in the text of the book.

Appendix B, Important Files, is a list of the important files in the UNIX filesystem and a brief discussion of their security implications.

Appendix C, UNIX Processes, is a technical discussion of how the UNIX system manages processes. It also describes some of the special attributes of processes, including the UID, GID, and SUID.

Appendix D lists books, articles, and magazines about computer security.

Appendix E, Electronic Resources, is a brief listing of some significant security tools to use with UNIX, including directions on where to find them on the Internet.

Appendix F, Organizations, contains the names, telephone numbers, and addresses of organizations that are devoted to seeing computers become more secure.

Appendix G, Table of IP Services, lists all of the common TCP/IP protocols, along with their port numbers and suggested handling by a firewall.