Practical UNIX and Internet Security. 3rd Edition - Helion
ISBN: 978-14-493-1012-7
Pages: 988, Format: ebook
Publication date: 2003-02-21
Bookstore: Helion
Book price: 160,65 zł (previously: 186,80 zł)
You save: 14% (-26,15 zł)
When Practical Unix Security was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book: a companion for the Unix/Linux system administrator who needs to secure his or her organization's systems, networks, and web presence in an increasingly hostile world.

Focusing on the four most popular Unix variants today (Solaris, Mac OS X, Linux, and FreeBSD), this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms, and much more.

Practical Unix & Internet Security consists of six parts:
- Computer security basics: introduction to security problems and solutions, Unix history and lineage, and the importance of security policies as a basic element of system security.
- Security building blocks: fundamentals of Unix passwords, users, groups, the Unix filesystem, cryptography, physical security, and personnel security.
- Network security: a detailed look at modem and dialup security, TCP/IP, securing individual network services, Sun's RPC, various host and network authentication systems (e.g., NIS, NIS+, and Kerberos), NFS and other filesystems, and the importance of secure programming.
- Secure operations: keeping up to date in today's changing security world, backups, defending against attacks, performing integrity management, and auditing.
- Handling security incidents: discovering a break-in, dealing with programmed threats and denial of service attacks, and legal aspects of computer security.
- Appendixes: a comprehensive security checklist and a detailed bibliography of paper and electronic references for further reading and research.
Table of contents: Practical UNIX and Internet Security. 3rd Edition eBook
- Practical Unix & Internet Security, 3rd Edition
- A Note Regarding Supplemental Files
- Preface
- Unix Security?
- What This Book Is
- What This Book Is Not
- Third-Party Security Tools
- Scope of This Book
- Which Unix System?
- Versions Covered in This Book
- Secure Versions of Unix
- Conventions Used in This Book
- Comments and Questions
- Acknowledgments
- Third Edition
- Second Edition
- First Edition
- A Note to Would-Be Attackers
- I. Computer Security Basics
- 1. Introduction: Some Fundamental Questions
- What Is Computer Security?
- What Is an Operating System?
- What Is a Deployment Environment?
- Summary
- 2. Unix History and Lineage
- History of Unix
- Multics: The Unix Prototype
- The Birth of Unix
- Unix escapes AT&T
- Unix goes commercial
- The Unix Wars: Why Berkeley 4.2 over System V
- Unix Wars 2: SVR4 versus OSF/1
- Free Unix
- FSF and GNU
- Minix
- Xinu
- Linux
- NetBSD, FreeBSD, and OpenBSD
- Businesses adopt Unix
- Second-Generation Commercial Unix Systems
- What the Future Holds
- Security and Unix
- Expectations
- Software Quality
- Add-on Functionality Breeds Problems
- The Failed P1003.1e/2c Unix Security Standard
- Role of This Book
- Summary
- 3. Policies and Guidelines
- Planning Your Security Needs
- Types of Security
- Trust
- Risk Assessment
- Steps in Risk Assessment
- Identifying assets
- Identifying threats
- Review Your Risks
- Cost-Benefit Analysis and Best Practices
- The Cost of Loss
- The Probability of a Loss
- The Cost of Prevention
- Adding Up the Numbers
- Best Practices
- Convincing Management
- Policy
- The Role of Policy
- Standards
- Guidelines
- Some Key Ideas in Developing a Workable Policy
- Assign an owner
- Be positive
- Remember that employees are people too
- Concentrate on education
- Have authority commensurate with responsibility
- Be sure you know your security perimeter
- Pick a basic philosophy
- Defend in depth
- Risk Management Means Common Sense
- Compliance Audits
- Outsourcing Options
- Formulating Your Plan of Action
- Choosing a Vendor
- Get a referral and insist on references
- Beware of soup-to-nuts
- Insist on breadth of background
- People
- Reformed hackers
- Monitoring Services
- Final Words on Outsourcing
- The Problem with Security Through Obscurity
- Keeping Secrets
- Responsible Disclosure
- Summary
- II. Security Building Blocks
- 4. Users, Passwords, and Authentication
- Logging in with Usernames and Passwords
- Unix Usernames
- Authenticating Users
- Authenticating with Passwords
- Entering your password
- Changing your password
- Verifying your new password
- Changing another user's password
- The Care and Feeding of Passwords
- Bad Passwords: Open Doors
- Smoking Joes
- Good Passwords: Locked Doors
- Password Synchronization: Using the Same Password on Many Machines
- Writing Down Passwords
- How Unix Implements Passwords
- The /etc/passwd File
- The Unix Encrypted Password System
- The traditional crypt( ) algorithm
- Unix salt
- crypt16( ), DES Extended, and Modular Crypt Format
- The shadow password and master password files
- One-Time Passwords
- Public Key Authentication
- Network Account and Authorization Systems
- Using Network Authorization Systems
- Viewing Accounts in the Network Database
- NIS and NIS+
- Kerberos DCE
- NetInfo
- RADIUS
- LDAP
- Pluggable Authentication Modules (PAM)
- Summary
- 5. Users, Groups, and the Superuser
- Users and Groups
- The /etc/passwd File
- User Identifiers (UIDs)
- Groups and Group Identifiers (GIDs)
- The /etc/group file
- The Superuser (root)
- What the Superuser Can Do
- What the Superuser Can't Do
- Any Username Can Be a Superuser
- The Problem with the Superuser
- The su Command: Changing Who You Claim to Be
- Real and Effective UIDs with the su Command
- Saved IDs
- Other IDs
- Becoming the Superuser
- Use su with Caution
- Using su to Run Commands from Scripts
- Restricting su
- The su Log
- The sulog under Solaris
- The sulog under Berkeley Unix
- The sulog under Red Hat Linux
- Final caution
- sudo: A More Restrictive su
- Restrictions on the Superuser
- Secure Terminals: Limiting Where the Superuser Can Log In
- BSD Kernel Security Levels
- Linux Capabilities
- Summary
- 6. Filesystems and Security
- Understanding Filesystems
- UFS and the Fast File System
- File contents
- Inodes
- Directories and links
- The Virtual Filesystem Interface
- Current Directory and Paths
- File Attributes and Permissions
- Exploring with the ls Command
- File Times
- File Permissions
- A file permissions example
- Directory Permissions
- chmod: Changing a File's Permissions
- Setting a File's Permissions
- Calculating octal file permissions
- Using octal file permissions
- Access Control Lists
- The umask
- The umask Command
- Common umask Values
- SUID and SGID
- Sticky Bits
- SGID and Sticky Bits on Directories
- SGID Bit on Files (System V-Derived Unix Only): Mandatory Record Locking
- Problems with SUID
- SUID Scripts
- An example of a SUID attack: IFS and the /usr/lib/preserve hole
- Finding All of the SUID and SGID Files
- The Solaris ncheck command
- Turning Off SUID and SGID in Mounted Filesystems
- Device Files
- Unauthorized Device Files
- Changing a File's Owner or Group
- chown: Changing a File's Owner
- Old and new chown behavior
- Use chown with caution
- chgrp: Changing a File's Group
- Summary
- 7. Cryptography Basics
- Understanding Cryptography
- Roots of Cryptography
- Cryptography as a Dual-Use Technology
- A Cryptographic Example
- Cryptographic Algorithms and Functions
- Symmetric Key Algorithms
- Cryptographic Strength of Symmetric Algorithms
- Key Length with Symmetric Key Algorithms
- Common Symmetric Key Algorithms
- Attacks on Symmetric Encryption Algorithms
- Key search (brute force) attacks
- Cryptanalysis
- Systems-based attacks
- Public Key Algorithms
- Uses for Public Key Encryption
- Encrypted messaging
- Digital signatures
- Attacks on Public Key Algorithms
- Key search attacks
- Analytic attacks
- Known versus published methods
- Message Digest Functions
- Message Digest Algorithms at Work
- Uses of Message Digest Functions
- HMAC
- Attacks on Message Digest Functions
- Summary
- 8. Physical Security for Servers
- Planning for the Forgotten Threats
- The Physical Security Plan
- The Disaster Recovery Plan
- Other Contingencies
- Protecting Computer Hardware
- Protecting Against Environmental Dangers
- Fire
- Smoke
- Dust
- Earthquakes
- Explosions
- Extreme temperatures
- Bugs (biological)
- Electrical noise
- Lightning
- Vibration
- Humidity
- Water
- Environmental monitoring
- Preventing Accidents
- Food and drink
- Controlling Physical Access
- Raised floors and dropped ceilings
- Entrance through air ducts
- Glass walls
- Defending Against Vandalism
- Ventilation holes
- Network cables
- Network connectors
- Utility connections
- Defending Against Acts of War and Terrorism
- Preventing Theft
- Understanding Computer Theft
- Laptops and Portable Computers
- Locks
- Tagging
- Laptop Recovery Software and Services
- RAM Theft
- Encryption
- Protecting Your Data
- Eavesdropping
- Wiretapping
- Eavesdropping over local area networks (Ethernet and twisted pairs)
- Eavesdropping on 802.11 wireless LANs
- Eavesdropping by radio and using TEMPEST
- Fiber optic cable
- Keyboard monitors
- Protecting Backups
- Verify your backups
- Protect your backups
- Sanitizing Media Before Disposal
- Sanitizing Printed Media
- Protecting Local Storage
- Printer buffers
- Printer output
- X terminals
- Function keys
- Unattended Terminals
- Built-in shell autologout
- Screensavers
- Key Switches
- Story: A Failed Site Inspection
- What We Found
- Fire hazards
- Potential for eavesdropping and data theft
- Easy pickings
- Physical access to critical computers
- Possibilities for sabotage
- Nothing to Lose?
- Summary
- 9. Personnel Security
- Background Checks
- Intensive Investigations
- Rechecks
- On the Job
- Initial Training
- Ongoing Training and Awareness
- Performance Reviews and Monitoring
- Auditing Access
- Least Privilege and Separation of Duties
- Departure
- Other People
- Summary
- III. Network and Internet Security
- 10. Modems and Dialup Security
- Modems: Theory of Operation
- Serial Interfaces
- The RS-232 Serial Protocol
- Originate and Answer
- Baud and bps
- Modems and Security
- Banners
- Caller-ID and Automatic Number Identification
- One-Way Phone Lines
- Protecting Against Eavesdropping
- Kinds of eavesdropping
- Eavesdropping countermeasures
- Managing Unauthorized Modems with Telephone Scanning and Telephone Firewalls
- Telephone scanning
- Telephone firewalls
- Limitations of scanning and firewalls
- Modems and Unix
- Connecting a Modem to Your Computer
- Setting Up the Unix Device
- Checking Your Modem
- Originate testing
- Answer testing
- Privilege testing
- Protection of Modems and Lines
- Additional Security for Modems
- Summary
- 11. TCP/IP Networks
- Networking
- The Internet
- Today's Internet
- Who's on the Internet?
- Networking and Unix
- IP: The Internet Protocol
- Internet Addresses
- IP networks
- Classical network addresses
- CIDR addresses
- Routing
- Hostnames
- Format of the hostname
- The /etc/hosts file
- Packets and Protocols
- ICMP
- TCP
- UDP
- Clients and Servers
- Name Service
- DNS under Unix
- Other naming services
- IP Security
- Using Encryption to Protect IP Networks from Eavesdropping
- Hardening Against Attacks
- Firewalls and Physical Isolation
- Improving Authentication
- Authentication and DNS
- Authentication and email
- April Fools! authentication and Netnews
- Adding authentication to TCP/IP with ident
- Decoy Systems
- Summary
- 12. Securing TCP and UDP Services
- Understanding Unix Internet Servers and Services
- The /etc/services File
- Calling getservbyname( )
- Ports cannot be trusted
- Starting the Servers
- Startup on different Unix systems
- Startup examples
- The inetd Program
- Controlling Access to Servers
- Access Control Lists with TCP Wrappers
- What TCP Wrappers does
- The TCP Wrappers configuration language
- Making sense of your TCP Wrappers configuration files
- Using a Host-Based Packet Firewall
- The ipfw host-based firewall
- An ipfw example
- Primary Unix Network Services
- echo and chargen (TCP and UDP Ports 7 and 19)
- systat (TCP Port 11)
- FTP: File Transfer Protocol (TCP Ports 20 and 21)
- Anonymous FTP
- FTP active mode
- FTP passive mode
- Setting up an FTP server
- Restricting FTP with the standard Berkeley FTP server
- Setting up anonymous FTP with the standard Unix FTP server
- Allowing only FTP access
- SSH: The Secure Shell (TCP Port 22)
- Host authentication with SSH
- Client authentication with SSH
- Telnet (TCP Port 23)
- SMTP: Simple Mail Transfer Protocol (TCP Port 25)
- Configuration files
- Security concerns with SMTP banners and commands
- SMTP relaying and bulk email (a.k.a. spam)
- Overflowing system mailboxes
- Delivery to programs
- Overall security of Berkeley sendmail versus other MTAs
- TACACS and TACACS+ (UDP Port 49)
- Domain Name System (DNS) (TCP and UDP Port 53)
- DNS zone transfers
- DNS nameserver attacks
- DNSSEC
- DNS best practices
- BOOTP: Bootstrap Protocol, and DHCP: Dynamic Host Configuration Protocol (UDP Ports 67 and 68)
- TFTP: Trivial File Transfer Protocol (UDP Port 69)
- finger (TCP Port 79)
- The .plan and .project files
- Disabling finger
- HTTP, HTTPS: HyperText Transfer Protocol (TCP Ports 80, 443)
- POP, POPS: Post Office Protocol, and IMAP, IMAPS: Internet Message Access Protocol (TCP Ports 109, 110, 143, 993, 995)
- Sun RPC's portmapper (UDP and TCP Port 111)
- Identification Protocol (TCP Port 113)
- NNTP: Network News Transport Protocol (TCP Port 119)
- NTP: Network Time Protocol (UDP Port 123)
- Sudden changes in time
- An NTP example
- SNMP: Simple Network Management Protocol (UDP Ports 161 and 162)
- rexec (TCP Port 512)
- rlogin and rsh (TCP Ports 513 and 514)
- Trusted hosts and users
- Specifying trusted hosts with /etc/hosts.equiv and ~/.rhosts
- /etc/hosts.lpd file
- RIP Routed: Routing Internet Protocol (UDP Port 520)
- The X Window System (TCP Ports 6000-6063)
- /etc/logindevperm
- X security
- The xhost facility
- Using Xauthority magic cookies
- Tunneling X with SSH
- RPC rpc.rexd (TCP Port 512)
- Communicating with MUDs, Internet Relay Chat (IRC), and Instant Messaging
- Managing Services Securely
- Monitoring Your Host with netstat
- Limitation of netstat and lsof
- Monitoring Your Network with tcpdump
- Network Scanning
- Putting It All Together: An Example
- Summary
- 13. Sun RPC
- Remote Procedure Call (RPC)
- Sun's portmap/rpcbind
- RPC Authentication
- AUTH_NONE
- AUTH_UNIX
- AUTH_DES
- AUTH_KERB
- Secure RPC (AUTH_DES)
- Secure RPC Authentication
- Proving your identity
- Using Secure RPC services
- Setting the window
- Setting Up Secure RPC with NIS
- Creating passwords for users
- Creating passwords for hosts
- Making sure Secure RPC support is running on every workstation
- Using Secure RPC
- Limitations of Secure RPC
- Summary
- 14. Network-Based Authentication Systems
- Sun's Network Information Service (NIS)
- NIS Fundamentals
- Including or excluding specific accounts
- Importing accounts without really importing accounts
- NIS Domains
- NIS Netgroups
- Setting up netgroups
- Using netgroups to limit the importing of accounts
- Limitations of NIS
- Spoofing RPC
- Spoofing NIS
- NIS is confused about +
- Unintended Disclosure of Site Information with NIS
- Sun's NIS+
- What NIS+ Does
- NIS+ Tables and Other Objects
- Using NIS+
- Changing your password
- When a user's passwords don't match
- NIS+ Limitations
- Kerberos
- Kerberos Authentication
- Initial login
- Using the ticket-granting ticket
- Authentication, data integrity, and secrecy
- Kerberos 4 versus Kerberos 5
- Getting Kerberos
- Using Kerberos
- Kerberos Limitations
- LDAP
- LDAP: The Protocol
- LDAP Integrity and Reliability
- Authentication with LDAP
- nss_ldap
- pam_ldap
- Configuring Authentication with nss_ldap
- Setting up the LDAP server
- Setting up the LDAP clients
- Other Network Authentication Systems
- DCE
- SESAME
- Summary
- 15. Network Filesystems
- Understanding NFS
- NFS History
- File Handles
- The MOUNT Protocol
- The NFS Protocol
- How NFS creates a reliable filesystem from a best-effort protocol
- Hard, soft, and spongy mounts
- Connectionless and stateless
- NFS and root
- NFS Version 3
- Server-Side NFS Security
- Limiting Client Access: /etc/exports and /etc/dfs/dfstab
- /etc/exports
- /usr/etc/exportfs
- Exporting NFS directories under System V: share and dfstab
- The showmount Command
- Client-Side NFS Security
- Improving NFS Security
- Limit Exported and Mounted Filesystems
- The example explained
- Export Read-Only
- Use Root Ownership
- Remove Group-Write Permission for Files and Directories
- Do Not Export Server Executables
- Do Not Export Home Directories
- Do Not Allow Users to Log into the Server
- Use fsirand
- Set the portmon Variable
- Use showmount -e
- Use Secure NFS
- Some Last Comments on NFS
- Well-Known Bugs
- For Real Security, Don't Use NFS
- Understanding SMB
- SMB History
- Protocols
- Name service
- Authentication
- File access
- Configuring the Samba Server
- Samba Server Security
- Connecting to the server
- User authentication
- Authorization
- Data integrity and privacy
- Samba Client Security
- Improving Samba Security
- Summary
- 16. Secure Programming Techniques
- One Bug Can Ruin Your Whole Day . . .
- The Lesson of the Internet Worm
- An Empirical Study of the Reliability of Unix Utilities
- What he found
- Where's the beef?
- Tips on Avoiding Security-Related Bugs
- Design Principles
- Coding Standards
- Things to Avoid
- Before You Finish
- Tips on Writing Network Programs
- Things to Do
- Things to Avoid
- Tips on Writing SUID/SGID Programs
- Using chroot( )
- Tips on Using Passwords
- Tips on Generating Random Numbers
- Unix Pseudorandom Functions
- rand( )
- random( )
- drand48( ), lrand48( ), and mrand48( )
- Picking a Random Seed
- A Good Random Seed Generator
- Summary
- IV. Secure Operations
- 17. Keeping Up to Date
- Software Management Systems
- Package-Based Systems
- Source-Based Systems
- Source code and patches
- CVS
- Updating System Software
- Learning About Patches
- Upgrading Distributed Applications
- Sensitive Upgrades
- Summary
- 18. Backups
- Why Make Backups?
- The Role of Backups
- What Should You Back Up?
- Types of Backups
- Guarding Against Media Failure
- Replace tapes as needed
- Keep your tape drives clean
- Verify the backup
- How Long Should You Keep a Backup?
- Security for Backups
- Physical security for backups
- Write-protect your backups
- Data security for backups
- Legal Issues
- Deciding Upon a Backup Strategy
- Individual Workstation
- Backup plan
- Retention schedule
- Small Network of Workstations and a Server
- Backup plan
- Retention schedule
- Large Service-Based Network with Small Budget
- Backup plan
- Retention schedule
- Large Service-Based Networks with Large Budget
- Backup plan
- Retention schedule
- Backing Up System Files
- Which Files to Back Up?
- Building an Automatic Backup System
- Software for Backups
- Simple Local Copies
- Simple Archives
- Specialized Backup Programs
- Network Backup Systems
- Encrypting Your Backups
- Summary
- 19. Defending Accounts
- Dangerous Accounts
- Accounts Without Passwords
- Default Accounts
- The superuser account
- Other accounts
- Accounts That Run a Single Command
- Open Accounts
- Restricted shells
- How to set up a restricted account with rsh
- Potential problems with restricted shells
- Restricted Filesystem with the chroot( ) Jail
- Setting up the chroot( ) environment
- Limiting network servers
- Limiting users
- Checking new software
- Group Accounts
- Monitoring File Format
- Restricting Logins
- Managing Dormant Accounts
- Disabling an Account by Changing the Account's Password
- Changing the Account's Login Shell
- Finding Dormant Accounts
- Protecting the root Account
- Secure Terminals
- The wheel Group
- The sudo Program
- Trusted Path and Trusted Computing Base
- Trusted path
- Trusted computing base
- One-Time Passwords
- Integrating One-Time Passwords with Unix
- Token Cards
- Codebooks
- Administrative Techniques for Conventional Passwords
- Assigning Passwords to Users
- Constraining Passwords
- Password Generators
- Shadow Password Files
- Password Aging and Expiration
- Cracking Your Own Passwords
- Joetest: a simple password cracker
- The dilemma of password crackers
- Algorithm and Library Changes
- Account Names Revisited: Using Aliases for Increased Security
- Intrusion Detection Systems
- Summary
- 20. Integrity Management
- The Need for Integrity
- Protecting Integrity
- Immutable and Append-Only Files
- The chflags command
- Kernel security level
- Read-Only Filesystems
- Detecting Changes After the Fact
- The Achilles Heel of Integrity Management Systems
- Comparison Copies
- Local copies
- Remote copies
- rdist
- Checklists and Metadata
- Simple listing
- Ancestor directories
- Checksums and Signatures
- Integrity-Checking Tools
- BSD's mtree and Periodic Security Scans
- Packaging Tools
- Integrity checking with RPM under Linux
- Integrity checking with the BSD pkg_info command
- Tripwire
- Building Tripwire
- Running Tripwire
- Summary
- 21. Auditing, Logging, and Forensics
- Unix Log File Utilities
- Essential Log Files
- Unix syslog
- The syslog message
- The syslog.conf configuration file
- Using syslog in a networked environment
- Incorporating syslog into your own programs
- Beware false syslog log entries
- Rotating Logs with newsyslog
- Swatch: A Log File Analysis Tool
- Running Swatch
- The Swatch configuration file
- lastlog File
- utmp and wtmp Files
- Examining the utmp and wtmp files
- The su command and the utmp and wtmp files
- last program
- Pruning the wtmp file
- loginlog File
- Process Accounting: The acct/pacct File
- Accounting with System V
- Accounting with BSD and Linux
- messages Log File
- Program-Specific Log Files
- aculog Log File
- sulog Log File
- xferlog Log File
- access_log Log File
- Logging Network Services
- Other Logs
- Designing a Site-Wide Log Policy
- Where to Log
- Logging to a printer
- Logging across the network
- Logging everything everywhere
- Handwritten Logs
- Per-Site Logs
- Exception and activity reports
- Informational material
- Per-Machine Logs
- Exception and activity reports
- Informational material
- Managing Log Files
- Unix Forensics
- Shell History
- cron
- Network Setup
- Summary
- V. Handling Security Incidents
- 22. Discovering a Break-in
- Prelude
- Rule #1: Don't Panic
- Rule #2: Document
- Rule #3: Plan Ahead
- Discovering an Intruder
- Catching One in the Act
- Monitoring commands
- Other tip-offs
- What to Do When You Catch Somebody
- Contacting the Intruder
- Monitoring the Intruder
- Tracing a Connection
- How to Contact the System Administrator of a Computer You Don't Know
- Looking up information by domain
- Looking up information by IP address
- Contacting a site's ISP
- Alternative contact strategies
- Getting Rid of the Intruder
- Cleaning Up After the Intruder
- Analyzing the Log Files
- Preserving the Evidence
- Assessing the Damage
- New accounts
- Changes in file contents
- Changes in file and directory protections
- New SUID and SGID files
- Changes in .rhosts files
- Changes to .ssh/authorized_keys files
- Changes to the /etc/hosts.equiv file
- Changes to startup files
- Hidden files and directories
- Unowned files
- New network services
- Never Trust Anything Except Hardcopy
- Resuming Operation
- Damage Control
- Case Studies
- Rootkit
- Warez
- The follow-up
- faxsurvey
- Summary
- 23. Protecting Against Programmed Threats
- Programmed Threats: Definitions
- Security Scanners and Other Tools
- Back Doors and Trap Doors
- Logic Bombs
- Trojan Horses
- Trojan horses in mobile code
- Terminal-based Trojan horses
- Avoiding Trojan horses
- Viruses
- Worms
- Bacteria and Rabbits
- Damage
- Authors
- Entry
- Protecting Yourself
- Shell Features
- PATH attacks
- IFS attacks
- $HOME attacks
- Filename attacks
- Startup File Attacks
- .login, .profile, /etc/profile
- .cshrc, .kshrc, .tcshrc
- .emacs
- .exrc, .nexrc
- .forward, .procmailrc
- Other files
- Other initializations
- Abusing Automatic Mechanisms
- crontab entries
- inetd.conf
- /etc/mail/aliases, aliases.dir, aliases.pag, and aliases.db
- The at program
- System initialization files
- Other files
- Issues with NFS
- Preventing Attacks
- File Protections
- World-writable user files and directories
- Writable system files and directories
- Group-writable files
- World-readable backup devices
- Shared Libraries
- Summary
- 24. Denial of Service Attacks and Solutions
- Types of Attacks
- Destructive Attacks
- Overload Attacks
- Process and CPU Overload Problems
- Too many processes
- Recovering from too many processes
- No more processes
- Safely halting the system
- CPU overload attacks
- Swap Space Problems
- Swapping to files
- Disk Attacks
- Disk-full attacks
- quot command
- inode problems
- Using partitions to protect your users
- Using quotas
- Reserved space
- Hidden space
- Tree structure attacks
- /tmp Problems
- Soft Process Limits: Preventing Accidental Denial of Service
- Network Denial of Service Attacks
- Service Overloading
- Message Flooding
- Signal Grounding and Jamming
- Clogging (SYN Flood Attacks)
- Ping of Death and Other Malformed Traffic Attacks
- Summary
- 25. Computer Crime
- Your Legal Options After a Break-in
- Filing a Criminal Complaint
- Choosing jurisdiction
- Local jurisdiction
- Federal jurisdiction
- Federal Computer Crime Laws
- Hazards of Criminal Prosecution
- The Responsibility to Report Crime
- Criminal Hazards
- Criminal Subject Matter
- Access Devices and Copyrighted Software
- Pornography, Indecency, and Obscenity
- Amateur Action
- Communications Decency Act
- Mandatory blocking
- Child pornography
- Copyrighted Works
- Cryptographic Programs and Export Controls
- Summary
- 26. Who Do You Trust?
- Can You Trust Your Computer?
- Harry's Compiler
- Trusting Trust
- What the Superuser Can and Cannot Do
- Can You Trust Your Suppliers?
- Hardware Bugs
- Viruses on the Distribution Disk
- Buggy Software
- Hacker Challenges
- Security Bugs That Never Get Fixed
- Network Providers That Network Too Well
- Can You Trust People?
- Your Employees?
- Your System Administrator?
- Your Vendor?
- Your Consultants?
- Response Personnel?
- Summary
- VI. Appendixes
- A. Unix Security Checklist
- Preface
- Chapter 1: Introduction: Some Fundamental Questions
- Chapter 2: Unix History and Lineage
- Chapter 3: Policies and Guidelines
- Chapter 4: Users, Passwords, and Authentication
- Chapter 5: Users, Groups, and the Superuser
- Chapter 6: Filesystems and Security
- Chapter 7: Cryptography Basics
- Chapter 8: Physical Security for Servers
- Chapter 9: Personnel Security
- Chapter 10: Modems and Dialup Security
- Chapter 11: TCP/IP Networks
- Chapter 12: Securing TCP and UDP Services
- Chapter 13: Sun RPC
- Chapter 14: Network-Based Authentication Systems
- Chapter 15: Network Filesystems
- Chapter 16: Secure Programming Techniques
- Chapter 17: Keeping Up to Date
- Chapter 18: Backups
- Chapter 19: Defending Accounts
- Chapter 20: Integrity Management
- Chapter 21: Auditing, Logging, and Forensics
- Chapter 22: Discovering a Break-In
- Chapter 23: Protecting Against Programmed Threats
- Chapter 24: Denial of Service Attacks and Solutions
- Chapter 25: Computer Crime
- Chapter 26: Who Do You Trust?
- Appendix A: Unix Security Checklist
- Appendix B: Unix Processes
- Appendixes C, D, and E: Paper Sources, Electronic Sources, and Organizations
- B. Unix Processes
- About Processes
- Processes and Programs
- The ps Command
- Listing processes with Solaris and other Unix systems derived from System V
- Listing processes with versions of Unix derived from BSD, including Linux
- Process Properties
- Process identification numbers (PIDs)
- Process real and effective UIDs
- Process priority and niceness
- Process groups and sessions
- Creating Processes
- Signals
- Unix Signals and the kill Command
- Killing Multiple Processes at the Same Time
- Catching Signals
- Killing Rogue or Questionable Processes
- Controlling and Examining Processes
- gdb: Controlling a Process
- gcore: Dumping Core
- lsof: Examining a Process
- /proc: Examining a Process Directly
- pstree: Viewing the Process Tree
- Starting Up Unix and Logging In
- Process #1: /etc/init
- Logging In
- Running the User's Shell
- C. Paper Sources
- Unix Security References
- Other Computer References
- Computer Crime and Law
- Computer-Related Risks
- Computer Viruses and Programmed Threats
- Cryptography Books
- Cryptography Papers and Other Publications
- General Computer Security
- Network Technology and Security
- Security Products and Services Information
- Understanding the Computer Security Culture
- Unix Programming and System Administration
- Miscellaneous References
- Security Periodicals
- D. Electronic Resources
- Mailing Lists
- Response Teams and Vendors
- A Big Problem with Mailing Lists
- Major Mailing Lists
- Bugtraq
- CERT-advisory
- Computer underground digest
- Firewalls
- Firewall-Wizards
- RISKS
- SANS Security Alert Consensus
- Web Sites
- CIAC
- CERIAS
- FIRST
- NIST CSRC
- Insecure.org
- NIH
- Usenet Groups
- Software Resources
- chrootuid
- COPS (Computer Oracle and Password System)
- ISS (Internet Security Scanner)
- Kerberos
- nmap
- Nessus
- OpenSSH
- OpenSSL
- portmap
- portsentry
- SATAN
- Snort
- Swatch
- TCP Wrappers
- Tiger
- trimlog
- Tripwire
- wuarchive ftpd
- E. Organizations
- Professional Organizations
- Association for Computing Machinery (ACM)
- American Society for Industrial Security (ASIS)
- Computer Security Institute (CSI)
- Electronic Frontier Foundation (EFF)
- Electronic Privacy Information Center (EPIC)
- High Technology Crimes Investigation Association (HTCIA)
- Information Systems Security Association (ISSA)
- International Information Systems Security Certification Consortium, Inc.
- The Internet Society
- IEEE Computer Society
- IFIP, Technical Committee 11
- Systems Administration and Network Security (SANS)
- USENIX/SAGE
- U.S. Government Organizations
- National Institute of Standards and Technology (NIST)
- National Security Agency (NSA)
- Emergency Response Organizations
- Department of Justice (DOJ)
- Federal Bureau of Investigation (FBI)
- U.S. Secret Service (USSS)
- Forum of Incident and Response Security Teams (FIRST)
- Computer Emergency Response Team Coordination Center (CERT/CC)
- Index
- About the Authors
- Colophon