Scope of This Book
This book is divided into six parts; it includes 26 chapters and 5
Part I, provides a basic introduction to
computer security, the Unix operating system, and security policy.
The chapters in this book are designed to be accessible to both users
Chapter 1, takes a very basic look at several
basic questions: What is computer security? What is an operating
system? What is a deployment environment? It also introduces basic
terms we use throughout the book.
Chapter 2, explores the history of the Unix
operating system, and discusses the way that Unix history has
affected Unix security.
Chapter 3, examines the role of setting good
policies to guide the protection of your systems. It also describes
the trade-offs you will need to make to account for cost, risk, and
Part II, provides a basic introduction to Unix
host security. The chapters in this part of the book are also
designed to be accessible to both users and administrators.
Chapter 4, is about Unix user accounts. It
discusses the purpose of passwords, explains what makes good and bad
passwords, and describes how the crypt( )
password encryption system works.
Chapter 5, describes how Unix groups can be used
to control access to files and devices. It discusses the Unix
superuser and the role that special users play. This chapter also
introduces the Pluggable Authentication Module (PAM) system.
Chapter 6, discusses the security provisions of
the Unix filesystem and tells how to restrict access to files and
directories to the file's owner, to a group of
people, or to everybody using the computer system.
Chapter 7, discusses the role of encryption and
message digests in protecting your security.
Chapter 8. What if somebody gets frustrated by
your super-secure system and decides to smash your computer with a
sledgehammer? This chapter describes physical perils that face your
computer and its data and discusses ways of protecting against them.
Chapter 9, explores who you employ and how they
fit into your overall security scheme.
Part III, describes the ways in which individual
Unix computers communicate with one another and the outside world,
and the ways in which these systems can be subverted by attackers who
are trying to break into your computer system. Because many attacks
come from the outside, this part of the book is vital reading for
anyone whose computer has outside connections.
Chapter 10, describes how modems work and provides
step-by-step instructions for testing your
computer's modems to see if they harbor potential
Chapter 11, provides background on how TCP/IP
networking programs work and describes the security problems they
Chapter 12, the longest chapter in this book,
explores the most common TCP and UDP services and how you can secure
Chapter 13, one of the shortest chapters in the
book, looks at the Remote Procedure Call system developed in the
1980s by Sun Microsystems. This RPC system is the basis of NFS and a
number of other network-based services.
Chapter 14, discusses services for authenticating
individuals over a network: NIS, NIS+, Kerberos, and LDAP. It
continues the discussion of the PAM system.
Chapter 15, describes both Sun
Microsystems' Network Filesystem (NFS) and the
Windows-compatible Server Message Block (SMB)—in particular,
the Samba system.
Chapter 16, describes common pitfalls you might
encounter when writing your own software. It gives tips on how to
write robust software that will resist attack from malicious users.
This information is particularly important when developing network
Part IV, is directed primarily towards Unix
system administrators. It describes how to configure Unix on your
computer to minimize the chances of a break-in, as well as to limit
the opportunities for a nonprivileged user to gain superuser access.
Chapter 17, discusses strategies for downloading
security patches and keeping your operating system up to date.
Chapter 18, discusses why and how to make archival
backups of your storage. It includes discussions of backup strategies
for different types of organizations.
Chapter 19, describes ways that an attacker might
try to initially break into your computer system. By finding these
"doors" and closing them, you
increase the security of your system.
Chapter 20, discusses how to monitor your
filesystem for unauthorized changes. This chapter includes coverage
of the use of message digests and read-only disks, and the
configuration and use of the Tripwire utility.
Chapter 21, discusses the logging mechanisms that
Unix provides to help you audit the usage and behavior of your
Part V, contains instructions for what to do
if your computer's security is compromised. This
part of the book will also help system administrators protect their
systems from authorized users who are misusing their privileges.
Chapter 22, contains step-by-step directions to
follow if you discover that an unauthorized person is using your
Chapter 23, discusses approaches for handling
computer worms, viruses, Trojan Horses, and other programmed threats.
Chapter 24, describes ways that both authorized
users and attackers can make your system inoperable. We also explore
ways that you can find out who is doing what, and what to do about
Chapter 25. Occasionally, the only thing you can do
is sue or try to have your attackers thrown in jail. This chapter
describes legal recourse you may have after a security breach and
discusses why legal approaches are often not helpful. It also covers
some emerging concerns about running server sites connected to a wide
area network such as the Internet.
Chapter 26, makes the point that somewhere along
the line, you need to trust a few things, and people. We hope you are
trusting the right ones.
Part VI, contains a number of useful lists and
Appendix A, contains a point-by-point list of many
of the suggestions made in the text of the book.
Appendix B, is a technical discussion of how the
Unix system manages processes. It also describes some of the special
attributes of processes, including the UID, GID, and SUID.
Appendix C, lists books, articles, and magazines
about computer security.
Appendix D, is a brief listing of some significant
security tools to use with Unix, including descriptions of where to
find them on the Internet.
Appendix E, contains the names, telephone numbers,
and addresses of organizations that are devoted to ensuring that
computers become more secure.