UNIX System Security
A Guide for Users and System Administrators
by David A. Curry
ISBN 10: 0-201-56327-4 / ISBN 13: 9780201563276
Addison-Wesley Professional Computing Series
April 1992
The following is made available for your personal, non-commercial use only. You may cite this document as a bibliographic reference in any works that you are writing. Any commercial use of this document, including printing and distribution to groups of people (such as a classroom) is prohibited without my prior written permission.
Complete text of the book:
From the back cover...
Because the UNIX system was originally designed by programmers for use by other programmers, it was used in an environment of open cooperation where security was of minimal concern. Now that its use has spread to universities, businesses, and government, the confidential and sensitive nature of the data stored on UNIX systems has made the security of these systems of paramount importance.
Despite all of the technical papers and workshops on UNIX security, this book is unique. UNIX System Security is the first up-to-date source to provide the UNIX system user or administrator with the information needed to protect the data and system from unauthorized use. By following the procedures described in this book and making use of the C programs and shell scripts provided as examples, you can protect your UNIX system from most attackers.
The author begins by examining four high-profile breaches of UNIX security as illustrations of how a UNIX system can be attacked. He then provides the information necessary to protect against these forms of attack, and offers the tools that can be used to do so. Focusing on the most recent release of Berkeley and System V UNIX, and such vendor derivatives as SunOS and ULTRIX, the book gives information that can be applied to any version of UNIX since Seventh Edition.
Issues discussed include account and password security, securing the file system, encryption and authentication systems, TCP/IP network security, the Network Information Service (NIS), NFS, RFS, workstation security, terminals and modems, and UUCP. Other chapters describe how to respond if your system is attacked and how to develop a comprehensive security policy for your organization. The book also gives comprehensive lists of freely available security software, and publications and mailing lists dealing with UNIX security.
Table of Contents
Preface
Chapter 1 UNIX Security Stories
    The Internet Worm
    The Wily Hacker
    A True UNIX Trojan Horse
    Attacking UNIX With Viruses
    Summary
Chapter 2 Account Security
    Passwords
    Expiration Dates
    Guest Accounts
    Well-Known Accounts
    Group Accounts vs. Groups
    Protecting an Account
    Super-User
    Monitoring Account Security
    Summary
Chapter 3 File System Security
    File Permissions
    The umask Value
    The write System Call
    The Sticky Bit on Directories
    The Set-Group-Id Bit on Directories
    Set-User-Id and Set-Group-Id Shell Scripts
    Devices
    Backups
    Monitoring File System Security
    Summary
Chapter 4 Network Security
    Trusted Hosts
    The inetd Program
    The File Transfer Protocol (FTP)
    Electronic Mail
    Finger
    Forgery and Spoofing
    Network Configuration
    Sophisticated Network Attacks
    Monitoring Network Security
    Summary
Chapter 5 NIS, NFS, and RFS
    The Network Information Service (NIS)
    The Network File System (NFS)
    The Remote File Sharing Service (RFS)
    Summary
Chapter 6 Workstations
    Single-User Mode
    Super-User Access
    Network Access
    The PROM Monitor
    Screen Access
    Summary
Chapter 7 Terminals, Modems, and UUCP
    Terminals
    Dial-Up Modems
    Terminal Servers
    The UNIX-to-UNIX Copy Program (UUCP)
    Summary
Chapter 8 Responding to Attacks
    Detection
    Response
    Notification
    Summary
Chapter 9 Encryption and Authentication
    Encryption
    Authentication
    Encrypting and Authenticating Electronic Mail
    Summary
Chapter 10 Security Policies
    Establishing Policies and Why
    Access to the System
    Password Policies
    Proper Use
    System Staff Rights and Responsibilities
    Copyrights and Licenses
    Ethics
    Guidelines for the Secure Operation of the Internet
    Summary
Chapter 11 Security Software
    Obtaining Fixes and New Versions
    Publicly Available Software
    RSA Privacy-Enhanced Mail
    The National Computer Security Center
    Summary
Chapter 12 Obtaining Security Information
    Computer Security Incident Response Capabilities
    Forming a CSIRC
    Vendor Security Notification
    Mailing Lists
    USENET Newsgroups
    Suggested Reading
    Summary
Glossary
References
Appendix A A Password Cracker
Appendix B A File System Checker
Appendix C Kerberos Dialogue
Appendix D A Complete Security Policy
Appendix E UNIX Security Checklist
Index