Preface
It's been 11 years since the publication of Practical Unix
Security—and 6 years since Practical Unix and Internet Security
was published—and oh, what a difference that time has made!
In 1991, the only thing that most Americans
knew about Unix and the Internet was that they were some sort of
massive computer network that had been besieged by a
"computer virus" in 1988. By 1996,
when our second edition was published, the Internet revolution was
just beginning to take hold, with more than 10 million Americans
using the Internet on a regular basis to send electronic mail, cruise
the World Wide Web, and sometimes even shop.
Today it is increasingly difficult for people in much of the world to
remember the pre-Internet era. Perhaps 500 million people around the
world now use the Internet, with several billion more touched by it
in some manner. In the United States more than half the population
uses the Internet on a daily basis. We have watched an Internet
revolution become a dot-com craze, which then became a bust. And
nobody remembers that 1988 Internet worm anymore—these days,
most Internet users are bombarded by network worms on a daily basis.
Despite our greater reliance on network computing, the Internet
isn't a safer place today than it was in 1991 or in
1996. If anything, the Internet is considerably less secure. Security
mishaps on the Internet continue to be front-page stories in
newspapers throughout the world. Sadly, these flaws continue to be
accommodated rather than corrected.
The results are increasingly disastrous. The second edition of this
book, for example, noted a security incident in which 20,000 people
had their credit card numbers stolen from an Internet service
provider; a few months before this third edition went to print,
attackers broke into a system operated for the State of California
and downloaded personal information on 262,000 state employees.
Included in the haul were names, addresses, Social Security
numbers—everything needed for identity theft.
Computer crime and the threat of cyberterrorism continue to be
growing problems. Every year the Computer Security Institute (CSI)
and the San Francisco Federal Bureau of Investigation (FBI) Computer
Intrusion Squad survey organizations to find their current level of
computer crime and intrusions. The 2002 survey had 503 responses from
security practitioners in U.S. corporations, government agencies,
financial institutions, medical institutions, and universities. Some
of the results of the survey include:
- Ninety percent of respondents (primarily large corporations and
  government agencies) detected computer security breaches within the
  last 12 months.
- Eighty percent acknowledged financial losses as a result of system
  security breaches.
- The combined loss of the 223 respondents who gave dollar values for
  their annual loss was more than $456 million, of which $171 million
  was the theft of proprietary information, and $116 million was
  financial fraud.
- Contrary to conventional wisdom that insiders are a bigger threat
  than outsiders, 74% of respondents cited their Internet connection as
  a frequent point of attack, versus 33% who cited their internal
  systems as a frequent point of attack. (Of course, insiders could be
  attacking through the Internet to make themselves look like
  outsiders.)
- Slightly more than one-third (34%) reported the intrusions to law
  enforcement—up from 16% reporting in 1996.
- Incidents reported included:
  - Computer viruses (85%)
  - Employees abusing their Internet connection, such as downloading
    pornography or pirated software, or sending inappropriate email (78%)
  - Penetration from outside the organization (40%)
  - Denial of service (DOS) attacks (40%)
  - Unauthorized access or misuse of the company's web sites (38%)
One quarter of the respondents who suffered attacks said that they
had experienced between 2 and 5 incidents; 39% said that they had
experienced 10 or more incidents. The average reported financial loss
per company per year was in excess of $2 million.
What do all of these numbers mean for Unix? To be sure, most of the
systems in use today are based on Microsoft's
Windows operating system. Unix and Unix variants are certainly more
secure than Windows, for reasons that we'll discuss
in this book. Nevertheless, experience tells us that a
poorly administered Unix computer can be just as vulnerable as a
typical Windows system: if you have a vulnerability that is known, an
attacker can find it, exploit it, and take over your computer. It is
our goal in this book to show you how to prevent yourself from ever
experiencing this fate—and if you do, it is our goal to tell
you what to do about it.