Books - UNIX System Security

UNIX System Security
A Guide for Users and System Administrators
by David A. Curry

ISBN 10: 0-201-56327-4 / ISBN 13: 9780201563276
Addison-Wesley Professional Computing Series
April 1992

The following is made available for your personal, non-commercial use only. You may cite this document as a bibliographic reference in any works that you are writing. Any commercial use of this document, including printing and distribution to groups of people (such as a classroom) is prohibited without my prior written permission.

 Complete text of the book:  
 Adobe PDF  UNIXSystemSecurity.pdf
 EPub (Nook e-readers)  UNIXSystemSecurity.epub
 MOBI (Kindle e-readers)

From the back cover...

Because the UNIX system was originally designed by programmers for use by other programmers, it was used in an environment of open cooperation where security was of minimal concern. Now that its use has spread to universities, businesses, and government, the confidential and sensitive nature of the data stored on UNIX systems has made the security of these systems of paramount importance.

Despite all of the technical papers and workshops on UNIX security, this book is unique. UNIX System Security is the first up-to-date source to provide the UNIX system user or administrator with the information needed to protect the data and system from unauthorized use. By following the procedures described in this book and making use of the C programs and shell scripts provided as examples, you can protect your UNIX system from most attackers.

The author begins by examining four high-profile breaches of UNIX security as illustrations of how a UNIX system can be attacked. He then provides the information necessary to protect against these forms of attack, and offers the tools that can be used to do so. Focusing on the most recent release of Berkeley and System V UNIX, and such vendor derivatives as SunOS and ULTRIX, the book gives information that can be applied to any version of UNIX since Seventh Edition.

Issues discussed include account and password security, securing the file system, encryption and authentication systems, TCP/IP network security, the Network Information Service (NIS), NFS, RFS, workstation security, terminals and modems, and UUCP. Other chapters describe how to respond if your system is attacked and how to develop a comprehensive security policy for your organization. The book also gives comprehensive lists of freely available security software, and publications and mailing lists dealing with UNIX security.

Table of Contents


Chapter 1 UNIX Security Stories
The Internet Worm
The Wily Hacker
A True UNIX Trojan Horse
Attacking UNIX With Viruses

Chapter 2 Account Security
Expiration Dates
Guest Accounts
Well-Known Accounts
Group Accounts vs. Groups
Protecting an Account
Monitoring Account Security

Chapter 3 File System Security
File Permissions
The umask Value
The write System Call
The Sticky Bit on Directories
The Set-Group-Id Bit on Directories
Set-User-Id and Set-Group-Id Shell Scripts
Monitoring File System Security

Chapter 4 Network Security
Trusted Hosts
The inetd Program
The File Transfer Protocol (FTP)
Electronic Mail
Forgery and Spoofing
Network Configuration
Sophisticated Network Attacks
Monitoring Network Security

Chapter 5 NIS, NFS, and RFS
The Network Information Service (NIS)
The Network File System (NFS)
The Remote File Sharing Service (RFS)

Chapter 6 Workstations
Single-User Mode
Super-User Access
Network Access
The PROM Monitor
Screen Access

Chapter 7 Terminals, Modems, and UUCP
Dial-Up Modems
Terminal Servers
The UNIX-to-UNIX Copy Program (UUCP)

Chapter 8 Responding to Attacks

Chapter 9 Encryption and Authentication
Encrypting and Authenticating Electronic Mail

Chapter 10 Security Policies
Establishing Policies and Why
Access to the System
Password Policies
Proper Use
System Staff Rights and Responsibilities
Copyrights and Licenses
Guidelines for the Secure Operation of the Internet

Chapter 11 Security Software
Obtaining Fixes and New Versions
Publicly Available Software
RSA Privacy-Enhanced Mail
The National Computer Security Center

Chapter 12 Obtaining Security Information
Computer Security Incident Response Capabilities
Forming a CSIRC
Vendor Security Notification
Mailing Lists
USENET Newsgroups
Suggested Reading



Appendix A A Password Cracker

Appendix B A File System Checker

Appendix C Kerberos Dialogue

Appendix D A Complete Security Policy

Appendix E UNIX Security Checklist