Practical Unix & Internet Security is on its second edition, and its maturity shows. To call this highly readable book comprehensive is an understatement. The breadth is vast, from fundamentals (definitions of computer security; the history of Unix) and commonsense but little-observed security basic
Practical UNIX and Internet Security
Scribed by Schwartz, Alan; Garfinkel, Simson; Spafford, Gene
- Publisher: O'Reilly Media, Inc
- Year: 2011
- Tongue: English
- Leaves: 988
- Edition: 3rd ed
- Category: Library
Synopsis
When Practical Unix Security was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book - a companion for the Unix/Linux system administrator who needs to secure his or her organization's system, networks, and web presence in an increasingly hostile world. Focusing on the four most popular Unix variants.
Table of Contents
Preface
Unix "Security"?
What This Book Is
What This Book Is Not
Third-Party Security Tools
Scope of This Book
Which Unix System?
Versions Covered in This Book
"Secure" Versions of Unix
Conventions Used in This Book
Comments and Questions
Acknowledgments
Third Edition
Second Edition
First Edition
A Note to Would-Be Attackers
Part I
Chapter 1. Introduction: Some Fundamental Questions
What Is Computer Security?
What Is an Operating System?
What Is a Deployment Environment?
Summary
Chapter 2. Unix History and Lineage
History of Unix
Multics: The Unix Prototype
The Birth of Unix
Unix escapes AT&T
Unix goes commercial
The Unix Wars: Why Berkeley 4.2 over System V
Unix Wars 2: SVR4 versus OSF/1
Free Unix
FSF and GNU
Minix
Xinu
Linux
NetBSD, FreeBSD, and OpenBSD
Businesses adopt Unix
Second-Generation Commercial Unix Systems
What the Future Holds
Security and Unix
Expectations
Software Quality
Add-on Functionality Breeds Problems
The Failed P1003.1e/2c Unix Security Standard
Role of This Book
Summary
Chapter 3. Policies and Guidelines
Planning Your Security Needs
Types of Security
Trust
Risk Assessment
Steps in Risk Assessment
Identifying assets
Identifying threats
Review Your Risks
Cost-Benefit Analysis and Best Practices
The Cost of Loss
The Probability of a Loss
The Cost of Prevention
Adding Up the Numbers
Best Practices
Convincing Management
Policy
The Role of Policy
Standards
Guidelines
Some Key Ideas in Developing a Workable Policy
Assign an owner
Be positive
Remember that employees are people too
Concentrate on education
Have authority commensurate with responsibility
Be sure you know your security perimeter
Pick a basic philosophy
Defend in depth
Risk Management Means Common Sense
Compliance Audits
Outsourcing Options
Formulating Your Plan of Action
Choosing a Vendor
Get a referral and insist on references
Beware of soup-to-nuts
Insist on breadth of background
People
"Reformed" hackers
Monitoring Services
Final Words on Outsourcing
The Problem with Security Through Obscurity
Keeping Secrets
Responsible Disclosure
Summary
Part II
Chapter 4. Users, Passwords, and Authentication
Logging in with Usernames and Passwords
Unix Usernames
Authenticating Users
Authenticating with Passwords
Entering your password
Changing your password
Verifying your new password
Changing another user's password
The Care and Feeding of Passwords
Bad Passwords: Open Doors
Smoking Joes
Good Passwords: Locked Doors
Password Synchronization: Using the Same Password on Many Machines
Writing Down Passwords
How Unix Implements Passwords
The /etc/passwd File
The Unix Encrypted Password System
The traditional crypt() algorithm
Unix salt
crypt16(), DES Extended, and Modular Crypt Format
The shadow password and master password files
One-Time Passwords
Public Key Authentication
Subjects
Computer science;Computer security;Internet;Operating systems (Computers);UNIX (Computer file);Electronic books;Internet -- Congresses
SIMILAR VOLUMES
This book is just what I was looking for. Excellent Security Guide to day-to-day security issues at my workplace. Information about TCP and UDP ports and their security risks has been very useful. This book must be part of every UNIX System Security Professional.
As organizations today are linking their systems across enterprise-wide networks and VPNs as well as increasing their exposure to customers, competitors, browsers and hackers on the Internet, it becomes increasingly imperative for Web professionals to be trained in techniques for effectively protect