Authors: Simson Garfinkel, Alan Schwartz and Gene Spafford
Publisher: O’Reilly & Associates
In 1991 “Practical Unix Security” was released and became an instant hit in the Information Security community. Back then in the post Morris worm era, there was a need for an informative guide, describing the security techniques for the UNIX operating system. Five years after the initial release, the Internet started to evolve quickly, so the book received a revamp as “Practical Unix and Internet Security”. As it can be seen from the title, the publication covered a broader range of topics and once again found its place on a number of bookshelves around the globe. Another six or seven years passed by and security of both the Unix based operating systems and Internet in general changed considerably. Both the authors and the publisher saw the need for a bigger update to the book, so O’Reilly presented us with “Practical Unix Security 3rd Edition”.
About the authors
Simson Garfinkel, CISSP, is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. Garfinkel earned a master’s degree in journalism at Columbia University in 1988 and holds three undergraduate degrees from MIT. He is currently working on his doctorate at MIT’s Laboratory for Computer Science.
Alan Schwartz, Ph.D. is an assistant professor of clinical decision making in the Departments of Medical Education and Pediatrics at the University of Illinois at Chicago. He serves as a consultant on Unix system administration for several ISPs. In his spare time, he develops and maintains the PennMUSH MUD server and brews beer and mead with his wife, with whom he also develops and maintains their son.
Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world’s premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases.
Inside the book
The book opens with a standard “computer security basics” focused section. The three included chapters, that will probably be skipped by the majority of the experienced readers, discuss some of the initial security ideas and provide a guide through Unix history since the release of Multics to the modern widely used free derivations. After taking a look at the Unix environment and a number of issues related to it, authors provide a sharp goal for this book – “If we can’t change Unix and the environment in which it runs, the next best thing is to learn how to protect the system the best we can”. Another nice addition to the basics part of the book is a chapter on security policies, which are often disregarded, causing serious problems to the organizations that don’t deploy them.
The second part, which should please both system users and administrators, introduces the most important security topics including user management and authentication, regular and super users positions, playing around the filesystem and cryptography. All of the sections receive a good overview from various user-type perspectives. This part of the book ends with two interesting chapters dealing with physical server security and personnel security, which will make you think about some things that you probably usually wouldn’t consider. These, mostly physical security related situations, include carbon monoxide detection, vandalism (including riots), eavesdropping, sanitazing disposable media, theft and terrorism. Although the majority of these situations are not likely to happen, it is good to be prepared for Murphy’s attacks.
Nowdays, most of the computers are connected to outside networks such as the Internet. This is a big threat, as connection to the mega network such as the Internet, provides malicious attackers a direct way to the doorstep of your computer system. In the third part of the book the authors discuss securing TCP and UDP services and Network Filesystems and present an overview on TCP/IP networks and some secure programming techniques. A chapter on securing TCP and UDP services is the longest chapter of this publications and surely provides a wealth of information on related servers and protocols.
While the previous parts were mainly connected to general security, the fourth part discusses only Unix system administration. The authors start with a chapter on securely patching and updating the system, where both source and package based installations are covered. More advanced chapter on protection of system accounts, carries on where the previously mentioned user management chapter ended. What follows is an interesting chapter that talks about two important processes: logging and forensics. All of these topics are, of course, filled with useful practical examples.
After 680 pages of security techniques, the fifth part prepares you for the situation you surely wouldn’t like to happen – a succesful hack attack. When an incident is discovered it is very important to follow some of the rules and take the measures, which the authors quite nicely summarized in the first chapter of this part. As the book is a practical guide, you will even get the practical examples for this chapter, in a way of several actual after-break-in case studies (watch out for a reprint of a phone call to the Microsoft Anti Piracy line).
The appendixes contain yet another interesting addition – a Unix security checklist, which summarizes the most important tips authors covered in more details throughout the book. This could act as a really nice reference guide for the readers.
My take on the book
If you are not familiar with one of the previous editions of this book, I should note that it is intented for a wide scope of users. Unix system administrators will most probably find some new tips and tricks to help them in their work. Novice users and security enthusiasts will find a great collection of information on security basics in general, as well as more advanced issues surrounding Unix and Unix like operating systems. Intermediate users that work in Unix environments and are interested in progressing their security concentrated knowledge, will find this book to be pure gold.
Altought the title, that contains “practical” and “security”, may give an impression that the book contains information on testing your own security through methods of self-hacking, the authors clearly note that the amount of the information that would be interesting to people wanting to break into computer systems is minimized. On the other hand, the book is intended to be a practical journey through the world of Unix security. It contains numerous practical examples that help administrators understand what should be done about securing their systems and what is the best way to do that.
There is a large number of security related publications that cover the topics of both Unix and Internet security. We on HNS reviewed a lot of them, so it is not hard to tell that “Practical Unix Security 3rd Edition” confirms the legendary status it has in the security field. The authors successfuly transformed their vast practical knowledge into making THE Unix security book.