Practical UNIX and Internet Security. 3rd Edition

Autorzy:: Simson Garfinkel, Gene Spafford, Alan Schwartz

Practical UNIX and Internet Security. 3rd Edition Simson Garfinkel, Gene Spafford, Alan Schwartz - okladka książki

Wydawnictwo:: O'Reilly Media (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 988
Dostępne formaty:: ePub

Mobi

Ebook 160,65 zł najniższa cena z 30 dni

~~199,00 zł~~ (-15%)
169,14 zł

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

160,65 zł najniższa cena z 30 dni

Przenieś na półkę

Do przechowalni

When Practical Unix Security was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book - a companion for the Unix/Linux system administrator who needs to secure his or her organization's system, networks, and web presence in an increasingly hostile world.Focusing on the four most popular Unix variants today--Solaris, Mac OS X, Linux, and FreeBSD--this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms, and much more.Practical Unix & Internet Security consists of six parts:

Computer security basics: introduction to security problems and solutions, Unix history and lineage, and the importance of security policies as a basic element of system security.
Security building blocks: fundamentals of Unix passwords, users, groups, the Unix filesystem, cryptography, physical security, and personnel security.
Network security: a detailed look at modem and dialup security, TCP/IP, securing individual network services, Sun's RPC, various host and network authentication systems (e.g., NIS, NIS+, and Kerberos), NFS and other filesystems, and the importance of secure programming.
Secure operations: keeping up to date in today's changing security world, backups, defending against attacks, performing integrity management, and auditing.
Handling security incidents: discovering a break-in, dealing with programmed threats and denial of service attacks, and legal aspects of computer security.
Appendixes: a comprehensive security checklist and a detailed bibliography of paper and electronic references for further reading and research.

Packed with 1000 pages of helpful text, scripts, checklists, tips, and warnings, this third edition remains the definitive reference for Unix administrators and anyone who cares about protecting their systems and data from today's threats.

Wybrane bestsellery

Ebooka "Practical UNIX and Internet Security. 3rd Edition" przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka "Practical UNIX and Internet Security. 3rd Edition" posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolonych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video "Practical UNIX and Internet Security. 3rd Edition" zobaczysz:

Oceny i opinie klientów: Practical UNIX and Internet Security. 3rd Edition Simson Garfinkel, Gene Spafford, Alan Schwartz (0)

Szczegóły książki

ISBN Ebooka:: 978-14-493-1012-7, 9781449310127
Data wydania ebooka :: 2003-02-21 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@ebookpoint.pl.
Język publikacji:: angielski
Rozmiar pliku ePub:: 2.2MB
Rozmiar pliku Mobi:: 7.8MB

Zgłoś erratę

Kategorie

Kliknij, aby zgłosić błędnie przypisaną kategorię »

Informatyka » Hacking » Bezpieczeństwo systemów
Informatyka » Hacking » Inne
Informatyka » Systemy operacyjne » Unix

Spis treści książki

Practical Unix & Internet Security, 3rd Edition
- SPECIAL OFFER: Upgrade this ebook with OReilly
- A Note Regarding Supplemental Files
- Preface
  - Unix Security?
    - What This Book Is
    - What This Book Is Not
    - Third-Party Security Tools
  - Scope of This Book
  - Which Unix System?
    - Versions Covered in This Book
    - Secure Versions of Unix
  - Conventions Used in This Book
  - Comments and Questions
  - Acknowledgments
    - Third Edition
    - Second Edition
    - First Edition
  - A Note to Would-Be Attackers
- I. Computer Security Basics
  - 1. Introduction: Some Fundamental Questions
    - What Is Computer Security?
    - What Is an Operating System?
    - What Is a Deployment Environment?
    - Summary
  - 2. Unix History and Lineage
    - History of Unix
      - Multics: The Unix Prototype
      - The Birth of Unix
        
        Unix escapes AT&T
        
        Unix goes commercial
        
        The Unix Wars: Why Berkeley 4.2 over System V
        
        Unix Wars 2: SVR4 versus OSF/1
      - Free Unix
        
        FSF and GNU
        
        Minix
        
        Xinu
        
        Linux
        
        NetBSD, FreeBSD, and OpenBSD
        
        Businesses adopt Unix
      - Second-Generation Commercial Unix Systems
      - What the Future Holds
    - Security and Unix
      - Expectations
      - Software Quality
      - Add-on Functionality Breeds Problems
      - The Failed P1003.1e/2c Unix Security Standard
    - Role of This Book
    - Summary
  - 3. Policies and Guidelines
    - Planning Your Security Needs
      - Types of Security
      - Trust
    - Risk Assessment
      - Steps in Risk Assessment
        
        Identifying assets
        
        Identifying threats
      - Review Your Risks
    - Cost-Benefit Analysis and Best Practices
      - The Cost of Loss
      - The Probability of a Loss
      - The Cost of Prevention
      - Adding Up the Numbers
      - Best Practices
      - Convincing Management
    - Policy
      - The Role of Policy
      - Standards
      - Guidelines
      - Some Key Ideas in Developing a Workable Policy
        
        Assign an owner
        
        Be positive
        
        Remember that employees are people too
        
        Concentrate on education
        
        Have authority commensurate with responsibility
        
        Be sure you know your security perimeter
        
        Pick a basic philosophy
        
        Defend in depth
      - Risk Management Means Common Sense
    - Compliance Audits
    - Outsourcing Options
      - Formulating Your Plan of Action
      - Choosing a Vendor
        
        Get a referral and insist on references
        
        Beware of soup-to-nuts
        
        Insist on breadth of background
        
        People
        
        Reformed hackers
      - Monitoring Services
      - Final Words on Outsourcing
    - The Problem with Security Through Obscurity
      - Keeping Secrets
      - Responsible Disclosure
    - Summary
- II. Security Building Blocks
  - 4. Users, Passwords, and Authentication
    - Logging in with Usernames and Passwords
      - Unix Usernames
      - Authenticating Users
      - Authenticating with Passwords
        
        Entering your password
        
        Changing your password
        
        Verifying your new password
        
        Changing another users password
    - The Care and Feeding of Passwords
      - Bad Passwords: Open Doors
      - Smoking Joes
      - Good Passwords: Locked Doors
      - Password Synchronization: Using the Same Password on Many Machines
      - Writing Down Passwords
    - How Unix Implements Passwords
      - The /etc/passwd File
      - The Unix Encrypted Password System
        
        The traditional crypt ( ) algorithm
        
        Unix salt
        
        crypt16( ), DES Extended, and Modular Crypt Format
        
        The shadow password and master password files
      - One-Time Passwords
      - Public Key Authentication
    - Network Account and Authorization Systems
      - Using Network Authorization Systems
      - Viewing Accounts in the Network Database
        
        NIS and NIS+
        
        Kerboros DCE
        
        NetInfo
        
        RADIUS
        
        LDAP
    - Pluggable Authentication Modules (PAM)
    - Summary
  - 5. Users, Groups, and the Superuser
    - Users and Groups
      - The /etc/passwd File
      - User Identifiers (UIDs)
      - Groups and Group Identifiers (GIDs)
        
        The /etc/group file
    - The Superuser (root)
      - What the Superuser Can Do
      - What the Superuser Cant Do
      - Any Username Can Be a Superuser
      - The Problem with the Superuser
    - The su Command: Changing Who You Claim to Be
      - Real and Effective UIDs with the su Command
        
        Saved IDs
        
        Other IDs
      - Becoming the Superuser
      - Use su with Caution
      - Using su to Run Commands from Scripts
      - Restricting su
      - The su Log
        
        The sulog under Solaris
        
        The sulog under Berkeley Unix
        
        The sulog under Red Hat Linux
        
        Final caution
      - sudo: A More Restrictive su
    - Restrictions on the Superuser
      - Secure Terminals: Limiting Where the Superuser Can Log In
      - BSD Kernel Security Levels
      - Linux Capabilities
    - Summary
  - 6. Filesystems and Security
    - Understanding Filesystems
      - UFS and the Fast File System
        
        File contents
        
        Inodes
        
        Directories and links
      - The Virtual Filesystem Interface
      - Current Directory and Paths
    - File Attributes and Permissions
      - Exploring with the ls Command
      - File Times
      - File Permissions
        
        A file permissions example
      - Directory Permissions
    - chmod: Changing a Files Permissions
      - Setting a Files Permissions
        
        Calculating octal file permissions
        
        Using octal file permissions
      - Access Control Lists
    - The umask
      - The umask Command
      - Common umask Values
    - SUID and SGID
      - Sticky Bits
      - SGID and Sticky Bits on Directories
      - SGID Bit on Files (System V-Derived Unix Only): Mandatory Record Locking
      - Problems with SUID
      - SUID Scripts
        
        An example of a SUID attack: IFS and the /usr/lib/preserve hole
      - Finding All of the SUID and SGID Files
        
        The Solaris ncheck command
      - Turning Off SUID and SGID in Mounted Filesystems
    - Device Files
      - Unauthorized Device Files
    - Changing a Files Owner or Group
      - chown: Changing a Files Owner
        
        Old and new chown behavior
        
        Use chown with caution
      - chgrp: Changing a Files Group
    - Summary
  - 7. Cryptography Basics
    - Understanding Cryptography
      - Roots of Cryptography
      - Cryptography as a Dual-Use Technology
      - A Cryptographic Example
      - Cryptographic Algorithms and Functions
    - Symmetric Key Algorithms
      - Cryptographic Strength of Symmetric Algorithms
      - Key Length with Symmetric Key Algorithms
      - Common Symmetric Key Algorithms
      - Attacks on Symmetric Encryption Algorithms
        
        Key search (brute force) attacks
        
        Cryptanalysis
        
        Systems-based attacks
    - Public Key Algorithms
      - Uses for Public Key Encryption
        
        Encrypted messaging
        
        Digital signatures
      - Attacks on Public Key Algorithms
        
        Key search attacks
        
        Analytic attacks
        
        Known versus published methods
    - Message Digest Functions
      - Message Digest Algorithms at Work
      - Uses of Message Digest Functions
      - HMAC
      - Attacks on Message Digest Functions
    - Summary
  - 8. Physical Security for Servers
    - Planning for the Forgotten Threats
      - The Physical Security Plan
      - The Disaster Recovery Plan
      - Other Contingencies
    - Protecting Computer Hardware
      - Protecting Against Environmental Dangers
        
        Fire
        
        Smoke
        
        Dust
        
        Earthquakes
        
        Explosions
        
        Extreme temperatures
        
        Bugs (biological)
        
        Electrical noise
        
        Lightning
        
        Vibration
        
        Humidity
        
        Water
        
        Environmental monitoring
      - Preventing Accidents
        
        Food and drink
      - Controlling Physical Access
        
        Raised floors and dropped ceilings
        
        Entrance through air ducts
        
        Glass walls
      - Defending Against Vandalism
        
        Ventilation holes
        
        Network cables
        
        Network connectors
        
        Utility connections
      - Defending Against Acts of War and Terrorism
    - Preventing Theft
      - Understanding Computer Theft
      - Laptops and Portable Computers
        
        Locks
        
        Tagging
      - Laptop Recovery Software and Services
      - RAM Theft
      - Encryption
    - Protecting Your Data
      - Eavesdropping
        
        Wiretapping
        
        Eavesdropping over local area networks (Ethernet and twisted pairs)
        
        Eavesdropping on 802.11 wireless LANs
        
        Eavesdropping by radio and using TEMPEST
        
        Fiber optic cable
        
        Keyboard monitors
      - Protecting Backups
        
        Verify your backups
        
        Protect your backups
      - Sanitizing Media Before Disposal
      - Sanitizing Printed Media
      - Protecting Local Storage
        
        Printer buffers
        
        Printer output
        
        X terminals
        
        Function keys
      - Unattended Terminals
        
        Built-in shell autologout
        
        Screensavers
      - Key Switches
    - Story: A Failed Site Inspection
      - What We Found
        
        Fire hazards
        
        Potential for eavesdropping and data theft
        
        Easy pickings
        
        Physical access to critical computers
        
        Possibilities for sabotage
      - Nothing to Lose?
    - Summary
  - 9. Personnel Security
    - Background Checks
      - Intensive Investigations
      - Rechecks
    - On the Job
      - Initial Training
      - Ongoing Training and Awareness
      - Performance Reviews and Monitoring
      - Auditing Access
      - Least Privilege and Separation of Duties
    - Departure
    - Other People
    - Summary
- III. Network and Internet Security
  - 10. Modems and Dialup Security
    - Modems: Theory of Operation
      - Serial Interfaces
      - The RS-232 Serial Protocol
      - Originate and Answer
      - Baud and bps
    - Modems and Security
      - Banners
      - Caller-ID and Automatic Number Identification
      - One-Way Phone Lines
      - Protecting Against Eavesdropping
        
        Kinds of eavesdropping
        
        Eavesdropping countermeasures
      - Managing Unauthorized Modems with Telephone Scanning and Telephone Firewalls
        
        Telephone scanning
        
        Telephone firewalls
        
        Limitations of scanning and firewalls
    - Modems and Unix
      - Connecting a Modem to Your Computer
      - Setting Up the Unix Device
      - Checking Your Modem
        
        Originate testing
        
        Answer testing
        
        Privilege testing
      - Protection of Modems and Lines
    - Additional Security for Modems
    - Summary
  - 11. TCP/IP Networks
    - Networking
      - The Internet
        
        Todays Internet
        
        Whos on the Internet?
      - Networking and Unix
    - IP: The Internet Protocol
      - Internet Addresses
        
        IP networks
        
        Classical network addresses
        
        CIDR addresses
      - Routing
      - Hostnames
        
        Format of the hostname
        
        The /etc/hosts file
      - Packets and Protocols
        
        ICMP
        
        TCP
        
        UDP
      - Clients and Servers
      - Name Service
        
        DNS under Unix
        
        Other naming services
    - IP Security
      - Using Encryption to Protect IP Networks from Eavesdropping
      - Hardening Against Attacks
      - Firewalls and Physical Isolation
      - Improving Authentication
        
        Authentication and DNS
        
        Authentication and email
        
        April Fools! authentication and Netnews
        
        Adding authentication to TCP/IP with ident
      - Decoy Systems
    - Summary
  - 12. Securing TCP and UDP Services
    - Understanding Unix Internet Servers and Services
      - The /etc/services File
        
        Calling getservbyname( )
        
        Ports cannot be trusted
      - Starting the Servers
        
        Startup on different Unix systems
        
        Startup examples
      - The inetd Program
    - Controlling Access to Servers
      - Access Control Lists with TCP Wrappers
        
        What TCP Wrappers does
        
        The TCP Wrappers configuration language
        
        Making sense of your TCP Wrappers configuration files
      - Using a Host-Based Packet Firewall
        
        The ipfw host-based firewall
        
        An ipfw example
    - Primary Unix Network Services
      - echo and chargen (TCP and UDP Ports 7 and 19)
      - systat (TCP Port 11)
      - FTP: File Transfer Protocol (TCP Ports 20 and 21)
        
        Anonymous FTP
        
        FTP active mode
        
        FTP passive mode
        
        Setting up an FTP server
        
        Restricting FTP with the standard Berkeley FTP server
        
        Setting up anonymous FTP with the standard Unix FTP server
        
        Allowing only FTP access
      - SSH: The Secure Shell (TCP Port 22)
        
        Host authentication with SSH
        
        Client authentication with SSH
      - Telnet (TCP Port 23)
      - SMTP: Simple Mail Transfer Protocol (TCP Port 25)
        
        Configuration files
        
        Security concerns with SMTP banners and commands
        
        SMTP relaying and bulk email (a.k.a. spam)
        
        Overflowing system mailboxes
        
        Delivery to programs
        
        Overall security of Berkeley sendmail versus other MTAs
      - TACACS and TACACS+ (UDP Port 49)
      - Domain Name System (DNS) (TCP and UDP Port 53)
        
        DNS zone transfers
        
        DNS nameserver attacks
        
        DNSSEC
        
        DNS best practices
      - BOOTP: Bootstrap Protocol, and DHCP: Dynamic Host Configuration Protocol (UDP Ports 67 and 68)
      - TFTP: Trivial File Transfer Protocol (UDP Port 69)
      - finger (TCP Port 79)
        
        The .plan and .project files
        
        Disabling finger
      - HTTP, HTTPS: HyperText Transfer Protocol (TCP Ports 80, 443)
      - POP, POPS: Post Office Protocol, and IMAP, IMAPS: Internet Message Access Protocol (TCP Ports 109, 110, 143, 993, 995)
      - Sun RPCs portmapper (UDP and TCP Ports 111)
      - Identification Protocol (TCP Port 113)
      - NNTP: Network News Transport Protocol (TCP Port 119)
      - NTP: Network Time Protocol (UDP Port 123)
        
        Sudden changes in time
        
        An NTP example
      - SNMP: Simple Network Management Protocol (UDP Ports 161 and 162)
      - rexec (TCP Port 512)
      - rlogin and rsh (TCP Ports 513 and 514)
        
        Trusted hosts and users
        
        Specifying trusted hosts with /etc/hosts.equiv and ~/.rhosts
        
        /etc/hosts.lpd file
      - RIP Routed: Routing Internet Protocol (UDP Port 520)
      - The X Window System (TCP Ports 6000-6063)
        
        /etc/logindevperm
        
        X security
        
        The xhost facility
        
        Using Xauthority magic cookies
        
        Tunneling X with SSH
      - RPC rpc.rexd (TCP Port 512)
      - Communicating with MUDs, Internet Relay Chat (IRC), and Instant Messaging
    - Managing Services Securely
      - Monitoring Your Host with netstat
        
        Limitation of netstat and lsof
      - Monitoring Your Network with tcpdump
      - Network Scanning
    - Putting It All Together: An Example
    - Summary
  - 13. Sun RPC
    - Remote Procedure Call (RPC)
      - Suns portmap/rpcbind
      - RPC Authentication
        
        AUTH_NONE
        
        AUTH_UNIX
        
        AUTH_DES
        
        AUTH_KERB
    - Secure RPC (AUTH_DES)
      - Secure RPC Authentication
        
        Proving your identity
        
        Using Secure RPC services
        
        Setting the window
      - Setting Up Secure RPC with NIS
        
        Creating passwords for users
        
        Creating passwords for hosts
        
        Making sure Secure RPC support is running on every workstation
      - Using Secure RPC
      - Limitations of Secure RPC
    - Summary
  - 14. Network-Based Authentication Systems
    - Suns Network Information Service (NIS)
      - NIS Fundamentals
        
        Including or excluding specific accounts
        
        Importing accounts without really importing accounts
      - NIS Domains
      - NIS Netgroups
        
        Setting up netgroups
        
        Using netgroups to limit the importing of accounts
        
        Limitations of NIS
        
        Spoofing RPC
        
        Spoofing NIS
        
        NIS is confused about +
      - Unintended Disclosure of Site Information with NIS
    - Suns NIS+
      - What NIS+ Does
      - NIS+ Tables and Other Objects
      - Using NIS+
        
        Changing your password
        
        When a users passwords dont match
      - NIS+ Limitations
    - Kerberos
      - Kerberos Authentication
        
        Initial login
        
        Using the ticket-granting ticket
        
        Authentication, data integrity, and secrecy
        
        Kerberos 4 versus Kerberos 5
      - Getting Kerberos
      - Using Kerberos
      - Kerberos Limitations
    - LDAP
      - LDAP: The Protocol
      - LDAP Integrity and Reliability
      - Authentication with LDAP
        
        nss_ldap
        
        pam_ldap
      - Configuring Authentication with nss_ldap
        
        Setting up the LDAP server
        
        Setting up the LDAP clients
    - Other Network Authentication Systems
      - DCE
      - SESAME
    - Summary
  - 15. Network Filesystems
    - Understanding NFS
      - NFS History
      - File Handles
      - The MOUNT Protocol
      - The NFS Protocol
        
        How NFS creates a reliable filesystem from a best-effort protocol
        
        Hard, soft, and spongy mounts
        
        Connectionless and stateless
        
        NFS and root
      - NFS Version 3
    - Server-Side NFS Security
      - Limiting Client Access: /etc/exports and /etc/dfs/dfstab
        
        /etc/exports
        
        /usr/etc/exportfs
        
        Exporting NFS directories under System V: share and dfstab
      - The showmount Command
    - Client-Side NFS Security
    - Improving NFS Security
      - Limit Exported and Mounted Filesystems
        
        The example explained
      - Export Read-Only
      - Use Root Ownership
      - Remove Group-Write Permission for Files and Directories
      - Do Not Export Server Executables
      - Do Not Export Home Directories
      - Do Not Allow Users to Log into the Server
      - Use fsirand
      - Set the portmon Variable
      - Use showmount -e
      - Use Secure NFS
    - Some Last Comments on NFS
      - Well-Known Bugs
      - For Real Security, Dont Use NFS
    - Understanding SMB
      - SMB History
      - Protocols
        
        Name service
        
        Authentication
        
        File access
      - Configuring the Samba Server
      - Samba Server Security
        
        Connecting to the server
        
        User authentication
        
        Authorization
        
        Data integrity and privacy
      - Samba Client Security
      - Improving Samba Security
    - Summary
  - 16. Secure Programming Techniques
    - One Bug Can Ruin Your Whole Day . . .
      - The Lesson of the Internet Worm
      - An Empirical Study of the Reliability of Unix Utilities
        
        What he found
        
        Wheres the beef?
    - Tips on Avoiding Security-Related Bugs
      - Design Principles
      - Coding Standards
      - Things to Avoid
      - Before You Finish
    - Tips on Writing Network Programs
      - Things to Do
      - Things to Avoid
    - Tips on Writing SUID/SGID Programs
    - Using chroot( )
    - Tips on Using Passwords
    - Tips on Generating Random Numbers
      - Unix Pseudorandom Functions
        
        rand( )
        
        random( )
        
        drand48( ), lrand48( ), and mrand48( )
      - Picking a Random Seed
      - A Good Random Seed Generator
    - Summary
- IV. Secure Operations
  - 17. Keeping Up to Date
    - Software Management Systems
      - Package-Based Systems
      - Source-Based Systems
        
        Source code and patches
        
        CVS
    - Updating System Software
      - Learning About Patches
      - Upgrading Distributed Applications
      - Sensitive Upgrades
    - Summary
  - 18. Backups
    - Why Make Backups?
      - The Role of Backups
      - What Should You Back Up?
      - Types of Backups
      - Guarding Against Media Failure
        
        Replace tapes as needed
        
        Keep your tape drives clean
        
        Verify the backup
      - How Long Should You Keep a Backup?
      - Security for Backups
        
        Physical security for backups
        
        Write-protect your backups
        
        Data security for backups
      - Legal Issues
      - Deciding Upon a Backup Strategy
      - Individual Workstation
        
        Backup plan
        
        Retention schedule
      - Small Network of Workstations and a Server
        
        Backup plan
        
        Retention schedule
      - Large Service-Based Network with Small Budget
        
        Backup plan
        
        Retention schedule
      - Large Service-Based Networks with Large Budget
        
        Backup plan
        
        Retention schedule
    - Backing Up System Files
      - Which Files to Back Up?
      - Building an Automatic Backup System
    - Software for Backups
      - Simple Local Copies
      - Simple Archives
      - Specialized Backup Programs
      - Network Backup Systems
      - Encrypting Your Backups
    - Summary
  - 19. Defending Accounts
    - Dangerous Accounts
      - Accounts Without Passwords
      - Default Accounts
        
        The superuser account
        
        Other accounts
      - Accounts That Run a Single Command
      - Open Accounts
        
        Restricted shells
        
        How to set up a restricted account with rsh
        
        Potential problems with restricted shells
      - Restricted Filesystem with the chroot( ) Jail
        
        Setting up the chroot( ) environment
        
        Limiting network servers
        
        Limiting users
        
        Checking new software
      - Group Accounts
    - Monitoring File Format
    - Restricting Logins
    - Managing Dormant Accounts
      - Disabling an Account by Changing the Accounts Password
      - Changing the Accounts Login Shell
      - Finding Dormant Accounts
    - Protecting the root Account
      - Secure Terminals
      - The wheel Group
      - The sudo Program
      - Trusted Path and Trusted Computing Base
        
        Trusted path
        
        Trusted computing base
    - One-Time Passwords
      - Integrating One-Time Passwords with Unix
      - Token Cards
      - Codebooks
    - Administrative Techniques for Conventional Passwords
      - Assigning Passwords to Users
      - Constraining Passwords
      - Password Generators
      - Shadow Password Files
      - Password Aging and Expiration
      - Cracking Your Own Passwords
        
        Joetest: a simple password cracker
        
        The dilemma of password crackers
      - Algorithm and Library Changes
      - Account Names Revisited: Using Aliases for Increased Security
    - Intrusion Detection Systems
    - Summary
  - 20. Integrity Management
    - The Need for Integrity
    - Protecting Integrity
      - Immutable and Append-Only Files
        
        The chflags command
        
        Kernel security level
      - Read-Only Filesystems
    - Detecting Changes After the Fact
      - The Achilles Heel of Integrity Management Systems
      - Comparison Copies
        
        Local copies
        
        Remote copies
        
        rdist
      - Checklists and Metadata
        
        Simple listing
        
        Ancestor directories
      - Checksums and Signatures
    - Integrity-Checking Tools
      - BSDs mtree and Periodic Security Scans
      - Packaging Tools
        
        Integrity checking with RPM under Linux
        
        Integrity checking with the BSD pkg_info command
      - Tripwire
        
        Building Tripwire
        
        Running Tripwire
    - Summary
  - 21. Auditing, Logging, and Forensics
    - Unix Log File Utilities
      - Essential Log Files
      - Unix syslog
        
        The syslog message
        
        The syslog.conf configuration file
        
        Using syslog in a networked environment
        
        Incorporating syslog into your own programs
        
        Beware false syslog log entries
      - Rotating Logs with newsyslog
      - Swatch: A Log File Analysis Tool
        
        Running Swatch
        
        The Swatch configuration file
      - lastlog File
      - utmp and wtmp Files
        
        Examining the utmp and wtmp files
        
        The su command and the utmp and wtmp files
        
        last program
        
        Pruning the wtmp file
      - loginlog File
    - Process Accounting: The acct/pacct File
      - Accounting with System V
      - Accounting with BSD and Linux
      - messages Log File
    - Program-Specific Log Files
      - aculog Log File
      - sulog Log File
      - xferlog Log File
      - access_log Log File
      - Logging Network Services
      - Other Logs
    - Designing a Site-Wide Log Policy
      - Where to Log
        
        Logging to a printer
        
        Logging across the network
        
        Logging everything everywhere
    - Handwritten Logs
      - Per-Site Logs
        
        Exception and activity reports
        
        Informational material
      - Per-Machine Logs
        
        Exception and activity reports
        
        Informational material
    - Managing Log Files
    - Unix Forensics
      - Shell History
      - Mail
      - cron
      - Network Setup
    - Summary
- V. Handling Security Incidents
  - 22. Discovering a Break-in
    - Prelude
      - Rule #1: Dont Panic
      - Rule #2: Document
      - Rule #3: Plan Ahead
    - Discovering an Intruder
      - Catching One in the Act
        
        Monitoring commands
        
        Other tip-offs
      - What to Do When You Catch Somebody
      - Contacting the Intruder
      - Monitoring the Intruder
      - Tracing a Connection
      - How to Contact the System Administrator of a Computer You Dont Know
        
        Looking up information by domain
        
        Looking up information by IP address
        
        Contacting a sites ISP
        
        Alternative contact strategies
      - Getting Rid of the Intruder
    - Cleaning Up After the Intruder
      - Analyzing the Log Files
      - Preserving the Evidence
      - Assessing the Damage
        
        New accounts
        
        Changes in file contents
        
        Changes in file and directory protections
        
        New SUID and SGID files
        
        Changes in .rhosts files
        
        Changes to .ssh/authorized_keys files
        
        Changes to the /etc/hosts.equiv file
        
        Changes to startup files
        
        Hidden files and directories
        
        Unowned files
        
        New network services
      - Never Trust Anything Except Hardcopy
      - Resuming Operation
      - Damage Control
    - Case Studies
      - Rootkit
      - Warez
        
        The follow-up
      - faxsurvey
    - Summary
  - 23. Protecting Against Programmed Threats
    - Programmed Threats: Definitions
      - Security Scanners and Other Tools
      - Back Doors and Trap Doors
      - Logic Bombs
      - Trojan Horses
        
        Trojan horses in mobile code
        
        Terminal-based Trojan horses
        
        Avoiding Trojan horses
      - Viruses
      - Worms
      - Bacteria and Rabbits
    - Damage
    - Authors
    - Entry
    - Protecting Yourself
      - Shell Features
        
        PATH attacks
        
        IFS attacks
        
        $HOME attacks
        
        Filename attacks
      - Startup File Attacks
        
        .login, .profile, /etc/profile
        
        .cshrc, .kshrc, .tcshrc
        
        .emacs
        
        .exrc, .nexrc
        
        .forward, .procmailrc
        
        Other files
        
        Other initializations
      - Abusing Automatic Mechanisms
        
        crontab entries
        
        inetd.conf
        
        /etc/mail/aliases, aliases.dir, aliases.pag, and aliases.db
        
        The at program
        
        System initialization files
        
        Other files
        
        Issues with NFS
    - Preventing Attacks
      - File Protections
        
        World-writable user files and directories
        
        Writable system files and directories
        
        Group-writable files
        
        World-readable backup devices
      - Shared Libraries
    - Summary
  - 24. Denial of Service Attacks and Solutions
    - Types of Attacks
    - Destructive Attacks
    - Overload Attacks
      - Process and CPU Overload Problems
        
        Too many processes
        
        Recovering from too many processes
        
        No more processes
        
        Safely halting the system
        
        CPU overload attacks
      - Swap Space Problems
        
        Swapping to files
      - Disk Attacks
        
        Disk-full attacks
        
        quot command
        
        inode problems
        
        Using partitions to protect your users
        
        Using quotas
        
        Reserved space
        
        Hidden space
        
        Tree structure attacks
      - /tmp Problems
      - Soft Process Limits: Preventing Accidental Denial of Service
    - Network Denial of Service Attacks
      - Service Overloading
      - Message Flooding
      - Signal Grounding and Jamming
      - Clogging (SYN Flood Attacks)
      - Ping of Death and Other Malformed Traffic Attacks
    - Summary
  - 25. Computer Crime
    - Your Legal Options After a Break-in
      - Filing a Criminal Complaint
        
        Choosing jurisdiction
        
        Local jurisdiction
        
        Federal jurisdiction
      - Federal Computer Crime Laws
      - Hazards of Criminal Prosecution
      - The Responsibility to Report Crime
    - Criminal Hazards
    - Criminal Subject Matter
      - Access Devices and Copyrighted Software
      - Pornography, Indecency, and Obscenity
        
        Amateur Action
        
        Communications Decency Act
        
        Mandatory blocking
        
        Child pornography
      - Copyrighted Works
      - Cryptographic Programs and Export Controls
    - Summary
  - 26. Who Do You Trust?
    - Can You Trust Your Computer?
      - Harrys Compiler
      - Trusting Trust
      - What the Superuser Can and Cannot Do
    - Can You Trust Your Suppliers?
      - Hardware Bugs
      - Viruses on the Distribution Disk
      - Buggy Software
      - Hacker Challenges
      - Security Bugs That Never Get Fixed
      - Network Providers That Network Too Well
    - Can You Trust People?
      - Your Employees?
      - Your System Administrator?
      - Your Vendor?
      - Your Consultants?
      - Response Personnel?
    - Summary
- VI. Appendixes
  - A. Unix Security Checklist
    - Preface
    - Chapter 1: Introduction: Some Fundamental Questions
    - Chapter 2: Unix History and Lineage
    - Chapter 3: Policies and Guidelines
    - Chapter 4: Users, Passwords, and Authentication
    - Chapter 5: Users, Groups, and the Superuser
    - Chapter 6: Filesystems and Security
    - Chapter 7: Cryptography Basics
    - Chapter 8: Physical Security for Servers
    - Chapter 9: Personnel Security
    - Chapter 10: Modems and Dialup Security
    - Chapter 11: TCP/IP Networks
    - Chapter 12: Securing TCP and UDP Services
    - Chapter 13: Sun RPC
    - Chapter 14: Network-Based Authentication Systems
    - Chapter 15: Network Filesystems
    - Chapter 16: Secure Programming Techniques
    - Chapter 17: Keeping Up to Date
    - Chapter 18: Backups
    - Chapter 19: Defending Accounts
    - Chapter 20: Integrity Management
    - Chapter 21: Auditing, Logging, and Forensics
    - Chapter 22: Discovering a Break-In
    - Chapter 23: Protecting Against Programmed Threats
    - Chapter 24: Denial of Service Attacks and Solutions
    - Chapter 25: Computer Crime
    - Chapter 26: Who Do You Trust?
    - Appendix A: Unix Security Checklist
    - Appendix B: Unix Processes
    - Appendixes C, D, and E: Paper Sources, Electronic Sources, and Organizations
  - B. Unix Processes
    - About Processes
      - Processes and Programs
      - The ps Command
        
        Listing processes with Solaris and other Unix systems derived from System V
        
        Listing processes with versions of Unix derived from BSD, including Linux
      - Process Properties
        
        Process identification numbers (PIDs)
        
        Process real and effective UIDs
        
        Process priority and niceness
        
        Process groups and sessions
      - Creating Processes
    - Signals
      - Unix Signals and the kill Command
      - Killing Multiple Processes at the Same Time
      - Catching Signals
      - Killing Rogue or Questionable Processes
    - Controlling and Examining Processes
      - gdb: Controlling a Process
      - gcore: Dumping Core
      - lsof: Examining a Process
      - /proc: Examining a Process Directly
      - pstree: Viewing the Process Tree
    - Starting Up Unix and Logging In
      - Process #1: /etc/init
      - Logging In
      - Running the Users Shell
  - C. Paper Sources
    - Unix Security References
    - Other Computer References
      - Computer Crime and Law
      - Computer-Related Risks
      - Computer Viruses and Programmed Threats
      - Cryptography Books
      - Cryptography Papers and Other Publications
      - General Computer Security
      - Network Technology and Security
      - Security Products and Services Information
      - Understanding the Computer Security Culture
      - Unix Programming and System Administration
      - Miscellaneous References
      - Security Periodicals
  - D. Electronic Resources
    - Mailing Lists
      - Response Teams and Vendors
      - A Big Problem with Mailing Lists
      - Major Mailing Lists
        
        Bugtraq
        
        CERT-advisory
        
        Computer underground digest
        
        Firewalls
        
        Firewall-Wizards
        
        RISKS
        
        SANS Security Alert Consensus
    - Web Sites
      - CIAC
      - CERIAS
      - FIRST
      - NIST CSRC
      - Insecure.org
      - NIH
    - Usenet Groups
    - Software Resources
      - chrootuid
      - COPS (Computer Oracle and Password System)
      - ISS (Internet Security Scanner)
      - Kerberos
      - nmap
      - Nessus
      - OpenSSH
      - OpenSSL
      - portmap
      - portsentry
      - SATAN
      - Snort
      - Swatch
      - TCP Wrappers
      - Tiger
      - trimlog
      - Tripwire
      - wuarchive ftpd
  - E. Organizations
    - Professional Organizations
      - Association for Computing Machinery (ACM)
      - American Society for Industrial Security (ASIS)
      - Computer Security Institute (CSI)
      - Electronic Frontier Foundation (EFF)
      - Electronic Privacy Information Center (EPIC)
      - High Technology Crimes Investigation Association (HTCIA)
      - Information Systems Security Association (ISSA)
      - International Information Systems Security Certification Consortium, Inc.
      - The Internet Society
      - IEEE Computer Society
      - IFIP, Technical Committee 11
      - Systems Administration and Network Security (SANS)
      - USENIX/SAGE
    - U.S. Government Organizations
      - National Institute of Standards and Technology (NIST)
      - National Security Agency (NSA)
    - Emergency Response Organizations
      - Department of Justice (DOJ)
      - Federal Bureau of Investigation (FBI)
      - U.S. Secret Service (USSS)
      - Forum of Incident and Response Security Teams (FIRST)
      - Computer Emergency Response Team Coordination Center (CERT/CC)
- Index
- About the Authors
- Colophon
- SPECIAL OFFER: Upgrade this ebook with OReilly