| Section | Page |
|---|---|
| Preface | p. xiii |
| Computer Security Basics | |
| Introduction: Some Fundamental Questions | p. 3 |
| What Is Computer Security? | p. 5 |
| What Is an Operating System? | p. 6 |
| What Is a Deployment Environment? | p. 8 |
| Unix History and Lineage | p. 11 |
| History of Unix | p. 12 |
| Security and Unix | p. 23 |
| Role of This Book | p. 30 |
| Policies and Guidelines | p. 32 |
| Planning Your Security Needs | p. 33 |
| Risk Assessment | p. 35 |
| Cost-Benefit Analysis and Best Practices | p. 38 |
| Policy | p. 45 |
| Compliance Audits | p. 53 |
| Outsourcing Options | p. 54 |
| The Problem with Security Through Obscurity | p. 61 |
| Security Building Blocks | |
| Users, Passwords, and Authentication | p. 67 |
| Logging in with Usernames and Passwords | p. 68 |
| The Care and Feeding of Passwords | p. 76 |
| How Unix Implements Passwords | p. 82 |
| Network Account and Authorization Systems | p. 91 |
| Pluggable Authentication Modules (PAM) | p. 94 |
| Users, Groups, and the Superuser | p. 98 |
| Users and Groups | p. 98 |
| The Superuser (root) | p. 105 |
| The su Command: Changing Who You Claim to Be | p. 109 |
| Restrictions on the Superuser | p. 117 |
| Filesystems and Security | p. 122 |
| Understanding Filesystems | p. 122 |
| File Attributes and Permissions | p. 127 |
| chmod: Changing a File's Permissions | p. 136 |
| The umask | p. 142 |
| SUID and SGID | p. 145 |
| Device Files | p. 155 |
| Changing a File's Owner or Group | p. 157 |
| Cryptography Basics | p. 161 |
| Understanding Cryptography | p. 161 |
| Symmetric Key Algorithms | p. 169 |
| Public Key Algorithms | p. 180 |
| Message Digest Functions | p. 187 |
| Physical Security for Servers | p. 194 |
| Planning for the Forgotten Threats | p. 194 |
| Protecting Computer Hardware | p. 197 |
| Preventing Theft | p. 211 |
| Protecting Your Data | p. 216 |
| Story: A Failed Site Inspection | p. 226 |
| Personnel Security | p. 230 |
| Background Checks | p. 231 |
| On the Job | p. 233 |
| Departure | p. 236 |
| Other People | p. 237 |
| Network and Internet Security | |
| Modems and Dialup Security | p. 241 |
| Modems: Theory of Operation | p. 242 |
| Modems and Security | p. 246 |
| Modems and Unix | p. 257 |
| Additional Security for Modems | p. 265 |
| TCP/IP Networks | p. 267 |
| Networking | p. 267 |
| IP: The Internet Protocol | p. 271 |
| IP Security | p. 290 |
| Securing TCP and UDP Services | p. 305 |
| Understanding Unix Internet Servers and Services | p. 306 |
| Controlling Access to Servers | p. 314 |
| Primary Unix Network Services | p. 329 |
| Managing Services Securely | p. 389 |
| Putting It All Together: An Example | p. 399 |
| Sun RPC | p. 407 |
| Remote Procedure Call (RPC) | p. 408 |
| Secure RPC (AUTH_DES) | p. 411 |
| Network-Based Authentication Systems | p. 421 |
| Sun's Network Information Service (NIS) | p. 422 |
| Sun's NIS+ | p. 431 |
| Kerberos | p. 438 |
| LDAP | p. 447 |
| Other Network Authentication Systems | p. 453 |
| Network Filesystems | p. 456 |
| Understanding NFS | p. 457 |
| Server-Side NFS Security | p. 468 |
| Client-Side NFS Security | p. 473 |
| Improving NFS Security | p. 474 |
| Some Last Comments on NFS | p. 483 |
| Understanding SMB | p. 485 |
| Secure Programming Techniques | p. 498 |
| One Bug Can Ruin Your Whole Day... | p. 498 |
| Tips on Avoiding Security-Related Bugs | p. 505 |
| Tips on Writing Network Programs | p. 514 |
| Tips on Writing SUID/SGID Programs | p. 516 |
| Using chroot() | p. 519 |
| Tips on Using Passwords | p. 520 |
| Tips on Generating Random Numbers | p. 522 |
| Secure Operations | |
| Keeping Up to Date | p. 533 |
| Software Management Systems | p. 533 |
| Updating System Software | p. 538 |
| Backups | p. 544 |
| Why Make Backups? | p. 545 |
| Backing Up System Files | p. 561 |
| Software for Backups | p. 565 |
| Defending Accounts | p. 571 |
| Dangerous Accounts | p. 571 |
| Monitoring File Format | p. 583 |
| Restricting Logins | p. 584 |
| Managing Dormant Accounts | p. 586 |
| Protecting the root Account | p. 591 |
| One-Time Passwords | p. 595 |
| Administrative Techniques for Conventional Passwords | p. 600 |
| Intrusion Detection Systems | p. 613 |
| Integrity Management | p. 616 |
| The Need for Integrity | p. 616 |
| Protecting Integrity | p. 618 |
| Detecting Changes After the Fact | p. 622 |
| Integrity-Checking Tools | p. 630 |
| Auditing, Logging, and Forensics | p. 641 |
| Unix Log File Utilities | p. 642 |
| Process Accounting: The acct/pacct File | p. 664 |
| Program-Specific Log Files | p. 666 |
| Designing a Site-Wide Log Policy | p. 670 |
| Handwritten Logs | p. 673 |
| Managing Log Files | p. 676 |
| Unix Forensics | p. 677 |
| Handling Security Incidents | |
| Discovering a Break-in | p. 683 |
| Prelude | p. 683 |
| Discovering an Intruder | p. 686 |
| Cleaning Up After the Intruder | p. 700 |
| Case Studies | p. 713 |
| Protecting Against Programmed Threats | p. 734 |
| Programmed Threats: Definitions | p. 735 |
| Damage | p. 746 |
| Authors | p. 747 |
| Entry | p. 749 |
| Protecting Yourself | p. 750 |
| Preventing Attacks | p. 762 |
| Denial of Service Attacks and Solutions | p. 767 |
| Types of Attacks | p. 767 |
| Destructive Attacks | p. 769 |
| Overload Attacks | p. 769 |
| Network Denial of Service Attacks | p. 787 |
| Computer Crime | p. 795 |
| Your Legal Options After a Break-in | p. 795 |
| Criminal Hazards | p. 801 |
| Criminal Subject Matter | p. 805 |
| Who Do You Trust? | p. 811 |
| Can You Trust Your Computer? | p. 811 |
| Can You Trust Your Suppliers? | p. 815 |
| Can You Trust People? | p. 823 |
| Appendixes | |
| Unix Security Checklist | p. 831 |
| Unix Processes | p. 850 |
| Paper Sources | p. 873 |
| Electronic Resources | p. 883 |
| Organizations | p. 896 |
| Index | p. 907 |
| Table of Contents provided by Ingram. All Rights Reserved. |