Practical Unix and Internet Security

Rick Franchuk has written us a review of Practical Unix and Internet Security. Click below for the rest of the review:

This is the first of (probably) several reviews I'll be doing for Slashdot of books that I personally consider Essential on the path to Unix gurudom. Most of the books I'll be reviewing are not system-specific inside the definition of Unix, so should be equally useful for Linux, BSD, SunOS or any other flavor of nix-ish OS you might be handling.

I'll start this textual journey with Practical Unix & Internet Security. This book attempts to reveal, with some success, the whys and hows of hardening your servers against hostile attack, originating both from without and within your sphere of influence.

Practical Unix & Internet Security

Simson Garfinkel and Gene Spafford

(O'Reilly & Associates ISBN 1565921488)

Nutshell Review An excellent reference for anyone who doesn't consider him/herself as a Unix guru, but lacks enough detailed substance to satiate a seasoned hacker.

Rating: 8/10

Rick Franchuk - TranSpecT Consulting

What's Good?

There is an immense wealth of information regarding general security practices, detailing not just how things should be arranged for maximum benefit, but also WHY . As a neophyte administrator with only 'play-around' experience, I felt a little overwhelmed when I hired onto a new ISP to maintain a combination of FreeBSD and Linux machines. Because my use of linux to that point was primarily that of a single user with total machine control (a holdover from DOS experience), I didn't really know how to maintain multiple users so that they wouldn't collide. PU&IS helped resolve some of the more looming issues I had:

• File permissions (what is that sticky bit for, anyways?)
• UIDs/GIDs and how to assign them appropriately (why giving everyone group wheel is A Bad Idea®)
• How to enable and disable essential services (telnet, ftp, etc) without leaving the server wide-open or bringing the machine down totally

Of course, the book contains a great deal more. Topics range from the most simple, basic of tasks (like choosing a reasonably secure password) to semi-arcane (NIS+ administration and firewall setup), as well as non-technical security matters (reporting breakins and damage control, legal information, etc). See below for a more comprehensive list of what is covered.

What's Bad?

That being said, I should point out that this is NOT going to be the most useful tome to a seasoned administrator. A majority of the information contained within is geared towards getting new admins up-to-speed with the Unix way of life, and certain important areas are lightly glossed over (IP Spoofing, for example, is acknowedged to exist but absolutely nothing is revealed about how and why it works... you could get a better explanation written on the back of a napkin from a regular Phrack or 2600 reader).

Additionally, this book suffers from outdatedness, as are all computer-related texts. The 2nd Edition attempts to address more of the recent security concerns about the Internet (denial-of-service attacks get more exposure, packet sniffing concerns etc) but can't provide useful detailed information due to its age and the swift pace of software, OS, and attacker evolution. The most pertinent information revolves around unchanging security precepts and Unix foundations.

So What's In It For Me?

I'd strongly recommend this text, paired with another O'Reilly gem, Essential System Administration to anyone administering *nix-ish systems with experience below the "Advanced to Guru" stage. Probably the most important things you can learn from the book are:

• Be Paranoid - The more the better!
• Security through Obscurity Doesn't Work
• There's No Such Thing as Total Security
• Backups Save Lives (or at least jobs)

Personal Rant

<RANT Annoyance=mild>Unix is spelled "Unix", not "UNIX". It's not an acronym, it's a play on words from the name of its predecessor, Multics. See the History of Unix writeup, elsewhere in the annals of Slashdot. You'd think that O'Reilly and Associates, who consistantly make some of the best *nix books in existance, would figure that out by now.</RANT>

You can buy this over at Amazon.

Table of Contents

1. I. Security Basics
2. Introduction (What is computer security, history of)
3. Policies and Guidelines

   II. User Responsibilities

4. Users and Passwords
5. Users, Groups, and the Superuser
6. The Unix Filesystem
7. Cryptography

   III. System Security

8. Backups
9. Defending Your Accounts
10. Integrity Management
11. Auditing and Logging
12. Protecting Against Programmed Threats
13. Physical Security
14. Personnel Security

    IV. Network and Internet Security

15. Telephone Security
16. UUCP
17. TCP/IP Networks
18. TCP/IP Services
19. WWW Security
20. RPC, NIS, NIS+, and Kerberos
21. NFS

    V. Advanced Topics

22. Firewalls
23. Wrappers and Proxies
24. Writing Secure SUID and Network Programs

    VI. Handling Security Incidents

25. Discovering a Break-In
26. Denial-of-Service Attacks and Solutions
27. Computer Security and U.S. Law
28. Who Do You Trust?
    

1. VII. Appendixes
2. Unix Security Checklist
3. Important Files
4. Unix Processes
5. Paper Sources
6. Electronic Resources
7. Organizations
8. Table of IP Services