PRACTICAL UNIX ET INTERNET SECURITY 3RD EDI

Read more

Informationen zum Autor Simson Garfinkel, CISSP, is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. Garfinkel is also a columnist for Technology Review Magazine and has written for more than 50 publications, including Computerworld, Forbes, and The New York Times. He is also the author of Database Nation; Web Security, Privacy, and Commerce; PGP: Pretty Good Privacy; and seven other books. Garfinkel earned a master's degree in journalism at Columbia University in 1988 and holds three undergraduate degrees from MIT. He is currently working on his doctorate at MIT's Laboratory for Computer Science. Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world's premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases. Spaf, as he is widely known, has achieved numerous professional honors recognizing his teaching, his research, and his professional service. These include being named a fellow of the AAAS, the ACM, and the IEEE; receiving the National Computer Systems Security Award; receiving the William Hugh Murray Medal of the NCISSE; election to the ISSA Hall of Fame; and receiving the Charles Murphy Award at Purdue. He was named a CISSP, honoris causa in 2000. In addition to over 100 technical reports and articles on his research, Spaf is also the coauthor of Web Security, Privacy, and Commerce, and was the consulting editor for Computer Crime: A Crimefighters Handbook (both from O'Reilly). Alan Schwartz, Ph.D. is an assistant professor of clinical decision making in the Departments of Medical Education and Pediatrics at the University of Illinois at Chicago. He is also the author of Managing Mailing Lists and the coauthor of Stopping Spam (both from O'Reilly). He serves as a consultant on Unix system administration for several ISPs. In his spare time, he develops and maintains the PennMUSH MUD server and brews beer and mead with his wife, with whom he also develops and maintains their son. Turn-ons for Alan include sailing, programming in Perl, playing duplicate bridge, and drinking Anchor Porter. Turn-offs include spam and watery American lagers. Klappentext When Practical Unix Security was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book - a companion for the Unix/Linux system administrator who needs to secure his or her organization's system, networks, and web presence in an increasingly hostile world.Focusing on the four most popular Unix variants today--Solaris, Mac OS X, Linux, and FreeBSD--this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms, and much more.Practical Unix & Internet Security consists of six parts: * Computer security basics: introduction to security problems and solutions, Unix history and lineage, and the importance of ...

List of contents

• 
  
  Preface
  
  


• 
  
  Computer Security Basics
  
  
  
  
  • 
    
    Chapter 1: Introduction: Some Fundamental Questions
    
    
  
  
  • 
    
    Chapter 2: Unix History and Lineage
    
    
  
  
  • 
    
    Chapter 3: Policies and Guidelines
    
    
  
  
  
  
  
• 
  
  Security Building Blocks
  
  
  
  
  • 
    
    Chapter 4: Users, Passwords, and Authentication
    
    
  
  
  • 
    
    Chapter 5: Users, Groups, and the Superuser
    
    
  
  
  • 
    
    Chapter 6: Filesystems and Security
    
    
  
  
  • 
    
    Chapter 7: Cryptography Basics
    
    
  
  
  • 
    
    Chapter 8: Physical Security for Servers
    
    
  
  
  • 
    
    Chapter 9: Personnel Security
    
    
  
  
  
  
  
• 
  
  Network and Internet Security
  
  
  
  
  • 
    
    Chapter 10: Modems and Dialup Security
    
    
  
  
  • 
    
    Chapter 11: TCP/IP Networks
    
    
  
  
  • 
    
    Chapter 12: Securing TCP and UDP Services
    
    
  
  
  • 
    
    Chapter 13: Sun RPC
    
    
  
  
  • 
    
    Chapter 14: Network-Based Authentication Systems
    
    
  
  
  • 
    
    Chapter 15: Network Filesystems
    
    
  
  
  • 
    
    Chapter 16: Secure Programming Techniques
    
    
  
  
  
  
  
• 
  
  Secure Operations
  
  
  
  
  • 
    
    Chapter 17: Keeping Up to Date
    
    
  
  
  • 
    
    Chapter 18: Backups
    
    
  
  
  • 
    
    Chapter 19: Defending Accounts
    
    
  
  
  • 
    
    Chapter 20: Integrity Management
    
    
  
  
  • 
    
    Chapter 21: Auditing, Logging, and Forensics
    
    
  
  
  
  
  
• 
  
  Handling Security Incidents
  
  
  
  
  • 
    
    Chapter 22: Discovering a Break-in
    
    
  
  
  • 
    
    Chapter 23: Protecting Against Programmed Threats
    
    
  
  
  • 
    
    Chapter 24: Denial of Service Attacks and Solutions
    
    
  
  
  • 
    
    Chapter 25: Computer Crime
    
    
  
  
  • 
    
    Chapter 26: Who Do You Trust?
    
    
  
  
  
  
  
• 
  
  Appendixes
  
  
  
  
  • 
    
    Unix Security Checklist
    
    
  
  
  • 
    
    Unix Processes
    
    
  
  
  • 
    
    Paper Sources
    
    
  
  
  • 
    
    Electronic Resources
    
    
  
  
  • 
    
    Organizations
    
    
  
  
  
  
  
• 
  
  Colophon
  
  





About the author










Simson Garfinkel, CISSP, is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. Garfinkel is also a columnist for Technology Review Magazine and has written for more than 50 publications, including Computerworld, Forbes, and The New York Times. He is also the author of Database Nation; Web Security, Privacy, and Commerce; PGP: Pretty Good Privacy; and seven other books. Garfinkel earned a master's degree in journalism at Columbia University in 1988 and holds three undergraduate degrees from MIT. He is currently working on his doctorate at MIT's Laboratory for Computer Science.
Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world's premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases. Spaf, as he is widely known, has achieved numerous professional honors recognizing his teaching, his research, and his professional service. These include being named a fellow of the AAAS, the ACM, and the IEEE; receiving the National Computer Systems Security Award; receiving the William Hugh Murray Medal of the NCISSE; election to the ISSA Hall of Fame; and receiving the Charles Murphy Award at Purdue. He was named a CISSP, honoris causa in 2000. In addition to over 100 technical reports and articles on his research, Spaf is also the coauthor of Web Security, Privacy, and Commerce, and was the consulting editor for Computer Crime: A Crimefighters Handbook (both from O'Reilly).
Alan Schwartz, Ph.D. is an assistant professor of clinical decision making in the Departments of Medical Education and Pediatrics at the University of Illinois at Chicago. He is also the author of Managing Mailing Lists and the coauthor of Stopping Spam (both from O'Reilly). He serves as a consultant on Unix system administration for several ISPs. In his spare time, he develops and maintains the PennMUSH MUD server and brews beer and mead with his wife, with whom he also develops and maintains their son. Turn-ons for Alan include sailing, programming in Perl, playing duplicate bridge, and drinking Anchor Porter. Turn-offs include spam and watery American lagers.