Slashdot Mirror

← Back to Stories (view on slashdot.org)

Practical Unix & Internet Security

Posted by timothy on from the updated-classic dept.

Charles McColm writes "At just under 1,000 pages the 3rd edition of Practical Unix & Internet Security might look intimidating on the shelf, but a quick glance through the pages reveals that it is both practical and entertaining. With Slammer and Blaster making their way into the news it seemed like a good time to brush up on security. Already considered a classic reference, the 3rd edition of the book provides extensive updated information about topics like PAM (Pluggable Authentication Modules), LDAP, forensics, intrusion detection, wireless devices, and cryptography." Read on for the rest of McColm's impressions of the book. Practical Unix & Internet Security author Simson Garfinkel, Gene Spafford & Alan Schwartz pages 954 publisher O'Reilly & Associates rating 8/10 reviewer Charles McColm ISBN 0596003234 summary The 3rd edition of Practical Unix & Internet Security adds much-needed updated information to an already classic security text. It's very comprehensive but a little dry in parts.

Practical Unix & Internet Security is divided up into six sections:

The first section covers the basics of computer security, tracing the history of Unix and security, as well as providing details of what should be in a good security policy.

The second section covers the building blocks of security, authentication, users and groups, filesystems, cryptography, physical security for servers, and personnel security.

Network and Internet security are focused on in the third section, with emphasis on modems and dialup security, TCP/IP networks, securing TCP and UDP services, Sun RPC, NIS, Kerberos, LDAP, NFS, and SAMBA, and finishing up with a chapter dedicated to secure programming techniques.

Day-to-day operations are the focus of the fourth section. Keeping up to date, making backups, defending accounts, using integrity checking tools, and auditing, logging, and forensics are all expanded upon in detail over five chapters.

The fifth section rounds off the main part of the book by describing how to handle security incidents. Special focus is given to discovering a break-in, protecting against programmed threats, Denial of Service Attacks (& DDoS), legal options, and a chapter on who you can trust.

The Appendixes make up the sixth and final section. Not a spot is wasted in the appendixes, which begin with a Unix security checklist, and then outline Unix processes, provide extensive links to both paper and electronic resources, and conclude with a sub-section on security organizations.

Among the topics I found most interesting were: Access Control Lists (ACL), Pluggable Authentication Modules (PAM), the section about 128-bit keys and dictionary-based passwords, connection laundering, honeypots, the false syslog example, and the example detailing a call to Microsoft's anti-piracy help line. The real-life examples scattered throughout Practical Unix & Internet Security keep the security sections from seeming overwhelming. This is one of the few books that I've found ever chapter of the appendix useful, so don't overlook them as simple reference pages.

Normally one-liners are reserved for movie discussions but for those who've already delved into Practical Unix & Internet Security here are a few of my favorite one-liners:

  • "...we do believe that making files readable and writable by everyone leads to many evil deeds." - talking about the octal mode 666.

  • "Humidity is your computer's friend." - just before static discharge kills your entire system.

  • "Beware of Key Employees." - warning against making one person so key that their departure could cause your company irreparable harm.

  • "You mean, you don't really have a copy? [of Windows 98]" - the last part of a conversation with Microsoft's Anti-Piracy line. The company which called Microsoft's was tracing some intruders who had uploaded a copy of Windows 98 to the company's web site and was using the site to peddle warez. Microsoft was just about to launch Windows 98. The example shows just how clueless some help desks can be.

There are a few spelling mistakes and grammatical flaws but not enough to take away from the bulk of the information and no glaring omissions. UUCP coverage was dumped because UUCP simply is not a practical anymore now that more advanced alternatives like sendmail exist. I started glazing over material by the middle of the NIS chapter, but it probably had more to do with the fact that I was thinking about the other 400 or so pages I had to read before I finished the main section of the book rather than the topic itself.

One of the great things about Practical Unix & Internet Security is that it is appropriate for a wide audience. There is relevant material for system administrators, security, company decision makers, even the guy sitting at the accounting terminal. Despite its massive size Practical Unix & Internet Security is entertaining enough to be read cover to cover. (It's good for the arm muscles too.) Though it is easy to read, beginners should probably reread their system manual before plunging headlong into this book. All in all Practical Unix & Internet Security continues to be one of those must-have books for any Linux user.

You can purchase Practical Unix & Internet Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

34 of 123 comments (clear)

  1. Practical UNIX... by Anonymous Coward · · Score: 5, Funny

    The companion book seems, uh, interesting too. :)

    1. Re:Practical UNIX... by mav[LAG] · · Score: 3, Funny

      I prefer the older, more direct edition.

      --
      --- Hot Shot City is particularly good.
  2. the thing i always want to know by Transient0 · · Score: 4, Interesting

    when talking about computer books is:

    What does this book offer that I can't easily find by asking google or google groups?

    --
    lysergically yours
    1. Re:the thing i always want to know by Dr+Caleb · · Score: 5, Insightful
      What does this book offer that I can't easily find by asking google or google groups?

      No power requirements and need to connect to the Internet. Very handy feature.

      --
      "History doesn't repeat itself, but it does rhyme." Mark Twain
    2. Re:the thing i always want to know by hether · · Score: 2, Informative

      Most of the time the answer is not a lot, but that it sometimes a lot easier/quicker to find the information you need in a book and you can bring it with you, say on a plane, to use when you don't have an internet connection. But hey, if you want to use Google for everything go right ahead.

      --

      Most people would die sooner than think; in fact, they do.
    3. Re:the thing i always want to know by Transient0 · · Score: 2, Interesting

      which is the reason I specified "computer books." Of course, I could use the internet for word definitions as well, but I'm not always at the computer when I need them, so I own a dictionary.

      Perhaps I should have been more specific and said "networking books." When the topic is Internet Security, chances are pretty good you have a network connection available to you at the time when you are asking the questions.

      --
      lysergically yours
    4. Re:the thing i always want to know by fireboy1919 · · Score: 2, Funny

      Well, you can't use google or google groups to prop up your missing desk leg, and it won't help you reach that highest shelf to get your old physics book.

      It's also not nearly as impressive for that geek-babe you've had your eye on to catch you searching google as to catch you reading this.

      --
      Mod me down and I will become more powerful than you can possibly imagine!
    5. Re:the thing i always want to know by Kenterlogic · · Score: 3, Insightful

      While you make a good point about the power of google (see Thomas Friedman opinion on June 29). There is always falibility in the system to uncover results that are legitimate-- though always seemingly relevant. A book, and a longwinded one at that, is only good for putting everything in one place in this situation.

      That having been said, Linux security is pretty well documented and easy to search on google. If only Windows had a bit of security, then M$ could have a book of its own as well. Sadly, Windows and security contradict one another.

      --
      The New Root Council, kickin' ass sinc
    6. Re:the thing i always want to know by xanadu-xtroot.com · · Score: 3, Funny

      Sometimes people like to read, ph33r, offline.

      What's this "offline" thing you mention? I've never heard of it.

      What's their website?

      --
      I'm not a prophet or a stone-age man,
      I'm just a mortal with potential of a super man.
    7. Re:the thing i always want to know by kfg · · Score: 4, Funny

      What does this book offer that I can't easily find by asking google or google groups?

      A book.

      KFG

    8. Re:the thing i always want to know by KillerHamster · · Score: 2, Funny

      http://www.offline.org/

  3. Get for just $27! by Anonymous Coward · · Score: 5, Interesting

    Thanks to froogle price check

    1. Re:Get for just $27! by BladeRider · · Score: 3, Informative

      Barnes & Noble have the second edition available on CD as part of the CD Networking Bookshelf package for $14. Includes the DNS and Bind book, 3rd Ed. in hardcopy.

      --
      j.
  4. At least you have your health! by Anonymous Coward · · Score: 3, Funny

    How does one glance quickly through a 1000-page book without straining something important? ;-D

  5. UUCP by Medievalist · · Score: 5, Informative
    UUCP coverage was dumped because UUCP simply is not a practical anymore now that more advanced alternatives like sendmail exist.
    Um, I think you meant "UUCP is not necessary anymore now that PPP, NNTP and SMTP are widely supported".

    Sendmail (a program) is not an alternative to UUCP (a protocol). Even if you are talking about the UUCP software and not the protocol, the alternative is pppd, not sendmail.

    Sendmail still supports UUCP, but most distros do not enable that support, and hardly anyone uses UUCP anymore.
    1. Re:UUCP by philfr · · Score: 2, Interesting

      Actually, UUCP over TCP is probably the only sensible way to operate a full-featured mail server on a dynamic IP address or on an intermittent connection. Even people with dialup connections can have at home a full MTA serving multiple domains connected through UUCP to their (nice) provider. Other solutions (ETRN on SMTP, maildrop on POP3) are broken somewhere. UUCP is a generic store-and-forward protocol, supporting binary file transfer and custom commands, not only mail or news. UUCP mail transport can be easily customized, to add compression (third world countries have used that over slow dialup links), encryption, and of course it works over SSH (using the port forwarding features), SSL (with Stunnel). Even if it was designed for serial lines, its later protocol variants were optimized for TCP (full-duplex, no need for error correction...) Only people who don't know UUCP say that UUCP is obsolete. Alas, most ISPs don't know UUCP.

  6. Simson Garfinkel... by ravind · · Score: 5, Funny

    ...I love their music :D

  7. this vs. Robert Slade in comp.risks by ansak · · Score: 4, Interesting

    For more book reviews, especially on computer security, watch for Robert Slade's regular contributions to comp.risks. It doesn't look as though Robert has reviewed this one yet so I'll look forward to reading and comparing. His praise for a former edition seems uncharacteristically positive -- compare reviews of Secrets of a Super Hacker or Computer Security Basics -- so I'll be surprised if he doesn't praise this one, too...

    cheers...ank

    --
    Still hoping for Gentle Treatment...
  8. is there a digital copy with the book? by phaetonic · · Score: 4, Interesting

    my newest requirement is to have the book in PDF format so I can simply search for keywords, saving time, and hassle. having the PDF on a few different computers and storing the book away after skimming through it works better than having thousands and thousands of pages take up my precious 500 sq ft. apartment

    1. Re:is there a digital copy with the book? by prostoalex · · Score: 3, Informative

      Not PDF, but online in html.

    2. Re:is there a digital copy with the book? by LinuxHam · · Score: 3, Informative

      Being a good IBMer, here are a couple. :) But seriously, many people tend to miss IBM's publishing arm, and never even realize that all of their books are published as freely downloadable PDF's. Granted, there's an IBM slant to most of it, but there are some really good, get-to-the-good-stuff, hands-on tasty morsels in there. In fact, this book on AIX is currently $117 at Amazon. Take the PDF to OfficeMax and get a book bound with comb binding (so it opens flat) for 1/3rd the price, and you can put the CD you burned the PDF onto inside the back cover :)

      If you [have|want] to manage large quantities of Linux servers, pay closer attention to the Linux on zSeries materials since its customary to run hundreds of virtual Linux servers at a time, and they still need to be managed. Same goes for HPC clusters. Since these books are written by different people, its neat to hear the tack they've each taken to managing large-scale communities. One book even touches on configuring a Linux virtual server on a zbox with LEAF to serve as a software firewall for the remaining machines.

      You laugh!

      --
      Intelligent Life on Earth
  9. Re:1000 pages by BoomerSooner · · Score: 3, Informative

    This book is excellent. It's the best I've read on the subject and it has surprisingly good content where you're not bored out of your mind.

    Real World Linux Security

  10. Re:viruses by Medievalist · · Score: 4, Insightful
    one thing unix doesnt really have to worry about is viruses..
    I'm not so sure.

    Since people frequently use tools like NIS, rdist, rsync/ssh, and LDAP to create single authentication domains that span multiple physical boxen, somebody could use one of the usual social engineering tricks to get root on a single box and then load a boot-sector infector into the .profile in root's home dir. Then, every time root logs in on any particular physical box, that box get the boot-sector virus loaded.

    Best that *nix sysadmins remain on guard, regardless.
  11. and also importantly... by spamchang · · Score: 4, Insightful

    what about social engineering? or do they trust management and sysadmins to be socially mobile, compatible, and perceptive? i think humans are one of the weaker links in the security chain.

  12. Hey... by blueforce · · Score: 5, Funny

    One of the great things about Practical Unix & Internet Security is that it is appropriate for a wide audience

    I resemble that remark.

    --
    If you do what you always did, you get what you always got.
  13. HP-sUX still needs UUCP by Anonymous Coward · · Score: 2, Interesting

    Because the uucp uid still owns all the serial port hardware. You need UUCP so that your modems will work, even though they are not running the UUCP protocol.

    One MORE reason why HP-UX is the most GODAWFUL WORST *NIX on the FUCKING PLANET!

    1. Re:HP-sUX still needs UUCP by rifter · · Score: 2, Insightful

      Because the uucp uid still owns all the serial port hardware. You need UUCP so that your modems will work, even though they are not running the UUCP protocol.

      This is irrational. Presumably you could create any user/group you wanted and give it access to this hardware, so long as the users that the programs that need access to this hardware run as are also part of that group/that user. BUt why mess with perfection? If it works, there is no reason to change it. There is nothing magic about the name uucp. It just happens to be the name chosen by convention.

  14. This sounds like something I want on my shelf... by John+Seminal · · Score: 2, Insightful

    I know that many computer users do not ever look at computer security, they just plug it in and go. At the best, some of my friends will block ports, but that is about it. They do not check logs, or anything. And how many people out there have a second PC attached by serial cable to log intrusion data? I think if more people secured their systems, then everyones security would increase because there would be less places to launch attacks from. What we need is someone at the major distros to write a program which, when executed, will secure a system. Something which is point and click "easy".

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

  15. This book is overkill for slammer/blaster by SpaFF · · Score: 2, Insightful

    With Slammer and Blaster making their way into the news it seemed like a good time to brush up on security.

    You don't need a 1000 page book on security to patch your systems against worms; you need a 1 page book on common sense.

    --
    -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GIT d? s: a-- C++++ UL++++ P++ L+++ E- W++ N o-- K- w--- O- M+ V PS+ P
  16. Re:viruses by jdludlow · · Score: 5, Funny
    boot-sector infector

    Sounds like a nerd garage band.

  17. Re:viruses by Eric+Ass+Raymond · · Score: 3, Funny

    Here I am. sitting at work listening to Husker Du, and I just realize that I wasted my youth - I never started a nerd garage band.

    --
    BOO! TERRO
  18. Sample Chapters by Anonymous Coward · · Score: 5, Informative

    Sample chapters of the book can be found here and here. I read this first one (the one on TCP/IP) and found that it was an excellent introducation to it. The other is on "secure programming techniques." Gotta read that.

  19. Re:Mode 666? by Anonymous Coward · · Score: 5, Informative

    ummmm...back to unix school for you...

    777 is rwxrwxrwx : Read, Write & Excutable for all

    666 is rw-rw-rw- : Read, Write for all

    remember octal? r=4; w=2; x=1

    r + w = 4 + 2 = 6

    rho

  20. Re:good book for beginners by LinuxHam · · Score: 3, Interesting

    Yes, an older edition of this book did help me back when I was a beginner. But, its also one of the books that taught me that by the time something is in print, it's already out of date.

    I learned all the great stuff about TCP Wrappers and how it was revolutionizing inetd. When I went to my Slackware box to try to implement, it was already done! Same for shadow passwords. Its funny in that, even being a 7 year user and an RHCE, it still seems like commercial UNIX was in the dark ages until the early 90's just based on those two features alone. Not to say MS was any better (my god no), but to require applications to have root privs to bind to a low port and have world-readable password hashes just seems like something from a million years ago. Different times, those were.

    I *still* have to instruct local UNIX pros on the virtues of ssh over telnet. If the X forwarding over ssh doesn't sell them on it, password collectors like ettercap will, every time ;)

    --
    Intelligent Life on Earth