BKPRUNSC.RVW 930722

O'Reilly & Associates, Inc.
103 Morris Street, Suite A
Sebastopol, CA 95472
800-998-9938 707-829-0515 fax: 707-829-0104 info@ora.com
"Practical UNIX Security", Garfinkel and Spafford, 1991,
spaf@cs.purdue.edu spafford@acm.org simsong@next.cambridge.ma.us
simsong@media.mit.edu simsong@gnu.ai.mit.edu

The title "Practical UNIX Security" is certainly apt. This book is definitely practical, and if your job involves system security, at whatever level, this book belongs on your desk.

The book is well planned and comprehensive. While the emphasis and examples are from the UNIX operating system, background information is given on related (and important) topics such as modems, Internet connections and physical security. The writing and examples are clear and understandable, and should present no problems to the intelligent novice, but the additional material ensures that there is value here even for the UNIX guru.

The five "parts" of the work (plus a set of appendices) present logical divisions of the topic. "UNIX and UNIX Security Basics" begins with an introductory chapter defining computer security, an operating system and UNIX. It continues through users and passwords; user accounts, "groups" and the "superuser"; and concludes with details of the UNIX file system.

Part two deals with the enforcement of security. The chapters deal with the defence of accounts and the protection of data. In addition the uses of the various UNIX logging facilities are discussed. The final chapter in this topic deals with malicious software, referred to as "programmed threats".

Part three covers communications aspects. This is highly important considering the strengths of UNIX in communications, the use of UNIX machines as bridges between other proprietary systems, and the participation of UNIX systems in the Internet. Chapters are devoted to modems, UUCP, networks (with special attention to the Internet), NFS, Kerberos and firewall machines.

The fourth section begins to move away from strictly technical aspects, and starts to deal with your response to "security incidents". This may seem, to some, either irrelevant or defeatist. However, it points out an important attitude to have with respect to security: assume that, at some point, you are going to fail--and be prepared. The chapters here are no less practical than the foregoing, detailing the discovery of break-ins, denial of service attacks, and the (U.S.) legal aspects of security. (I appreciate the authors' forthrightness at this point: the chapter is entitled "Computer Security and U.S. Law", and doesn't assume one legal system fits all.)

The final part deals with two other generic security topics, that of encryption and physical security.

The remaining appendices are valuable resources in terms of a UNIX security checklist, lists of important UNIX files and processes, and a detailed discussion of the Kerberos system. A final appendix lists other sources and resources.

I feel some sense of failure in this review, providing merely an overview of the table of contents, and not being more "critical". The reality is, however, that this book is comprehensive and dependable. For those concerned with security and management of UNIX systems this work is a must. For those responsible for security more generally, there is still much of value here as a generic security reference.

copyright Robert M. Slade, 1993 BKPRUNSC.RVW 930722

Post scriptum: I am informed that some of you will *not* have to buy it. The book is distributed with the "DECInspect for UNIX" product. The checklist in the book is the base for the default configuration of the product.

======================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
Author "Robert Slade's Guide to Computer Viruses" (Oct. '94) Springer-Verlag