Scope of This Book

This book is divided into six parts; it includes 26 chapters and 5 appendixes.

Part I, provides a basic introduction to computer security, the Unix operating system, and security policy. The chapters in this book are designed to be accessible to both users and administrators.

  • Chapter 1, takes a very basic look at several basic questions: What is computer security? What is an operating system? What is a deployment environment? It also introduces basic terms we use throughout the book.

  • Chapter 2, explores the history of the Unix operating system, and discusses the way that Unix history has affected Unix security.

  • Chapter 3, examines the role of setting good policies to guide the protection of your systems. It also describes the trade-offs you will need to make to account for cost, risk, and corresponding benefits.

Part II, provides a basic introduction to Unix host security. The chapters in this part of the book are also designed to be accessible to both users and administrators.

  • Chapter 4, is about Unix user accounts. It discusses the purpose of passwords, explains what makes good and bad passwords, and describes how the crypt( ) password encryption system works.

  • Chapter 5, describes how Unix groups can be used to control access to files and devices. It discusses the Unix superuser and the role that special users play. This chapter also introduces the Pluggable Authentication Module (PAM) system.

  • Chapter 6, discusses the security provisions of the Unix filesystem and tells how to restrict access to files and directories to the file's owner, to a group of people, or to everybody using the computer system.

  • Chapter 7, discusses the role of encryption and message digests in protecting your security.

  • Chapter 8. What if somebody gets frustrated by your super-secure system and decides to smash your computer with a sledgehammer? This chapter describes physical perils that face your computer and its data and discusses ways of protecting against them.

  • Chapter 9, explores who you employ and how they fit into your overall security scheme.

Part III, describes the ways in which individual Unix computers communicate with one another and the outside world, and the ways in which these systems can be subverted by attackers who are trying to break into your computer system. Because many attacks come from the outside, this part of the book is vital reading for anyone whose computer has outside connections.

  • Chapter 10, describes how modems work and provides step-by-step instructions for testing your computer's modems to see if they harbor potential security problems.

  • Chapter 11, provides background on how TCP/IP networking programs work and describes the security problems they pose.

  • Chapter 12, the longest chapter in this book, explores the most common TCP and UDP services and how you can secure them.

  • Chapter 13, one of the shortest chapters in the book, looks at the Remote Procedure Call system developed in the 1980s by Sun Microsystems. This RPC system is the basis of NFS and a number of other network-based services.

  • Chapter 14, discusses services for authenticating individuals over a network: NIS, NIS+, Kerberos, and LDAP. It continues the discussion of the PAM system.

  • Chapter 15, describes both Sun Microsystems' Network Filesystem (NFS) and the Windows-compatible Server Message Block (SMB)?in particular, the Samba system.

  • Chapter 16, describes common pitfalls you might encounter when writing your own software. It gives tips on how to write robust software that will resist attack from malicious users. This information is particularly important when developing network servers.

Part IV, is directed primarily towards Unix system administrators. It describes how to configure Unix on your computer to minimize the chances of a break-in, as well as to limit the opportunities for a nonprivileged user to gain superuser access.

  • Chapter 17, discusses strategies for downloading security patches and keeping your operating system up to date.

  • Chapter 18, discusses why and how to make archival backups of your storage. It includes discussions of backup strategies for different types of organizations.

  • Chapter 19, describes ways that an attacker might try to initially break into your computer system. By finding these "doors" and closing them, you increase the security of your system.

  • Chapter 20, discusses how to monitor your filesystem for unauthorized changes. This chapter includes coverage of the use of message digests and read-only disks, and the configuration and use of the Tripwire utility.

  • Chapter 21, discusses the logging mechanisms that Unix provides to help you audit the usage and behavior of your system.

Part V, contains instructions for what to do if your computer's security is compromised. This part of the book will also help system administrators protect their systems from authorized users who are misusing their privileges.

  • Chapter 22, contains step-by-step directions to follow if you discover that an unauthorized person is using your computer.

  • Chapter 23, discusses approaches for handling computer worms, viruses, Trojan Horses, and other programmed threats.

  • Chapter 24, describes ways that both authorized users and attackers can make your system inoperable. We also explore ways that you can find out who is doing what, and what to do about it.

  • Chapter 25. Occasionally, the only thing you can do is sue or try to have your attackers thrown in jail. This chapter describes legal recourse you may have after a security breach and discusses why legal approaches are often not helpful. It also covers some emerging concerns about running server sites connected to a wide area network such as the Internet.

  • Chapter 26, makes the point that somewhere along the line, you need to trust a few things, and people. We hope you are trusting the right ones.

Part VI, contains a number of useful lists and references.

  • Appendix A, contains a point-by-point list of many of the suggestions made in the text of the book.

  • Appendix B, is a technical discussion of how the Unix system manages processes. It also describes some of the special attributes of processes, including the UID, GID, and SUID.

  • Appendix C, lists books, articles, and magazines about computer security.

  • Appendix D, is a brief listing of some significant security tools to use with Unix, including descriptions of where to find them on the Internet.

  • Appendix E, contains the names, telephone numbers, and addresses of organizations that are devoted to ensuring that computers become more secure.

    Part VI: Appendixes