Search

Search Tips

Practical UNIX and Internet Security, Third Edition

By Simson Garfinkel, Gene Spafford, Alan Schwartz
February 2003
Pages: 986
ISBN 10: 0-596-00323-4 | ISBN 13: 9780596003234
(Average of 1 Customer Reviews)

Book description

This edition of Practical Unix & Internet Security provides detailed coverage of today's increasingly important security and networking issues. Focusing on the four most popular Unix variants today--Solaris, Mac OS X, Linux, and FreeBSD--this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms, and much more.
Full Description

Post-purchase benefits:

Register your book | Submit Errata

---

Browse within this book

Cover | Table of Contents | Index | Sample Chapter | Colophon

Book details

Third Edition: February 2003
ISBN: 0-596-00323-4
Pages: 986
Average Customer Reviews: (Based on 1 Reviews)

---

Featured customer reviews

Practical Unix & Internet Security, 3rd Edition Review,  August 21 2003
Submitted by Charles McColm   [Respond | View]

At just under 1,000 pages the 3rd edition of Practical Unix & Internet Security might look intimidating on the shelf, but a quick glance through the pages reveals that it is both practical and entertaining. With Slammer and Blaster making their way into the news it seemed like a good time to brush up on security. Already considered a classic reference, the 3rd edition of Practical Unix & Internet Security provides extensive updated information about topics like PAM (Pluggable Authentication Modules), LDAP, forensics, intrusion detection, wireless devices, and cryptography.

Practical Unix & Internet Security is divided up into six sections:

The first sections covers the basics of computer security, tracing the history of Unix and security, as well as providing details of what should be in a good security policy.

The second section covers the building blocks of security, authentication, users and groups, filesystems, cryptography, physical security for servers, and personnel security.

Network and Internet security are focused on in the third section with emphasis on modems and dialup security, TCP/IP networks, securing TCP and UDP services, Sun RPC, NIS, Kerberos, LDAP, NFS, SAMBA, and finishing up with a chapter dedicated to secure programming techniques.

Day to day operations are the focus of the fourth section. Keeping up to date, making backups, defending accounts, using integrity checking tools, and auditing, logging, and forensics are all expanded upon in detail over 5 chapters.

The fifth section rounds off the main part of the book by describing how to handle security incidents. Special focus is given to discovering a break-in, protecting against programmed threats, Denial of Service Attacks (& DDoS), legal options, and a chapter on who you can trust.

The Appendixes make up the sixth and final section. Not a spot is wasted in the appendixes which begin with a Unix security checklist, and then outline Unix processes, provide both extensive paper and electronic resources, and conclude with a sub-section on security organizations.

Among the topics I found most interesting were: Access Control Lists (ACL), Pluggable Authentication Modules (PAM), the section about 128-bit keys and dictionary-based passwords, connection laundering, honeypots, the false syslog example, and the example detailing a call to Microsoft's anti-piracy help line. The real-life examples scattered throughout Practical Unix & Internet Security keep the security sections from seeming overwhelming. This is one of the few books that I've found ever chapter of the appendix useful, so don't overlook them as simple reference pages.

Normally one-liners are reserved for movie discussions but for those who've already delved into Practical Unix & Internet Security here are a few of my favorite one-liners:

“...we do believe that making files readable and writable by everyone leads to many evil deeds.” - talking about the octal mode 666.

“Humidity is your computer's friend.” - just before static discharge kills your entire system.

“Beware of Key Employees.” - warning against making one person so key that their departure could cause your company irreparable harm.

“You mean, you don't really have a copy? [of Windows 98]” - the last part of a conversation with Microsoft's Anti-Piracy line. The company which called Microsoft's was tracing some intruders who had uploaded a copy of Windows 98 to the company's web site and was using the site to peddle warez. Microsoft was just about to launch Windows 98. The example shows just how clueless some help desks can be.

There are a few spelling mistakes and grammatical flaws but not enough to take away from the bulk of the information and no glaring omissions. UUCP coverage was dumped because UUCP simply is not a practical anymore now that more advanced alternatives like sendmail exist. I started glazing over material by the middle of the NIS chapter but it probably had more to do with the fact that I was thinking about the other 400 or so pages I had to read before I finished the main section of the book rather than the topic itself.

One of the great things about Practical Unix & Internet Security is that it is appropriate for a wide audience. There is relevant material for system administrators, security, company decision makers, even the guy sitting at the accounting terminal. Despite its massive size Practical Unix & Internet Security is entertaining enough to be read cover to cover. (It's good for the arm muscles too) Though it is easy to read beginners should probably reread their system manual before plunging headlong into this book. All in all Practical Unix & Internet Security continues to be one of those must have books for any Linux user.

Read all reviews

---

Media reviews

"'Practical Unix & Internet Security, Third Edition'...is a classic that, like the proverbial farmer, is outstanding in it's field...'Practical Unix & Internet Security' remains the one-volume complete introduction to the basic issues of UNIX security...while profoundly technical and highly detailed, [this book] possesses a viewpoint well above the technical horizon...If you're in charge of security for any online UNIX system or systems, go to http://www.oreilly.com/catalog/puis3/inx.html and read the table of contents. You'll probably discover you could benefit from reading this uniquely useful and comprehensive volume that only improves with age."
--Jack Woehr, C/C++ Users Journal, February 2004

"Written by the team that defined the classic approaches to security...this comprehensive 1,000-page book provides the background, tools and suggestions from administrations needed to understand Unix and Internet security. The latest edition squeezes in much more information than the second. I particularly liked the detailed coverage of Mac OS X, which I haven't seen anywhere else. It's a worthy update."
--Vince Tuesday, "Computerworld," November 2003

"['Practical UNIX & Internet Security, Third Edition'] updates and revises this comprehensive classic for beginning to advanced administrators, with hands-on, applicable advice for securing UNIX and UNIX-like networks. While all examples are UNIX-specific, the underlying explanations of network security issues are useful overall. Its logical organization and clear explanations make it a good reference for larger libraries."
--Rachel Singer Gordon, Library Journal, October 1, 2003

"This is a solid update to an already solid book. New topics include LDAP, Samba,wireless, intrusion detection, Mac OS X, and much more."
--Peter Baer Galvin, "Sys Admin," July 2003

"A quarter of a million people have found earlier editions of this book useful, or at least that's what the blurb of this book would have us believe. Quite frankly, I wouldn't be surprised if that were a conservative estimate...If you want a really hands-on guide about your computer, and aren't afraid of having to really get into a great deal of depth, then 'Practical Unix & Internet Security' is a good read, and a great reference."
--Paul Hudson, "Linux Format," July 2003

"The 'practical' in the title is just that--this is a great book for working-stiff sysadmins who want the script kiddies and attackers to stay out of their systems."
--Rick Wayne, "Software Development," June 2003

"I especially like this book's treatment of how to handle security incidents, which are going to occur no matter how careful you are."
--Peter Coffee, eWeek, March 31, 2003

"'Practical Unix & Internet Security' is an excellent reference for those who need a starting point for developing security awareness as well as experienced administrators."
--Mack Lundy, Williamsburg Macromedia User Group, May 19, 2003
http://fsweb.wm.edu/wmmug/reviews/output.cfm?id=157

"This is a welcome update of what has become the definitive reference on securing real Unix systems, and more. The authors once again show that security can be achieved only with a sufficient understanding of how things work. If you run a Unix or Unix-like system, then you need this book."
--Wietse Venema, Author of TCP Wrappers, SATAN, Postfix

"When the first edition was published, this work became an instant classic. Indeed, it so thoroughly flattened the competition that since then, no book of real substance has come out covering the same territory. Paradoxically to some, host security is not only relevant, but actually more important in this age of networking, and this third edition is by far the best of its class, covering all the basics needed to both better understand security and secure your systems."
--Dan Farmer, Security Researcher

"Buy this book and save on aspirin."
--Cliff Stoll, Author of The Cuckoo's Egg and Silicon Snake Oil

"This is exactly the type of practical, easy to follow book that system administrators need to stay one step ahead of the system crackers --if you have time to read only one security book, this should be it."
--Kevin J. Ziese, Captain, United States Air Force; Chief, Countermeasures Development, AF Information Warfare Center

"The previous edition... was one of the first to seriously address the issues of security in a networked UNIX environment; with the explosive growth of the Internet since that time, plus the book's expanded coverage of cryptography, tools, new services, and protocols, the second edition will be an important part of any system administrator's bookshelf."
--Alec Muffett, Network Security Consultant and Author of the Crack Program

"This revised edition...ably chronicles the changing security world of the Internet, with a greatly increased emphasis on network security and firewalls. If you could only purchase one book on Internet security, this is the one you'd want."
--Dan Farmer, Author of the SATAN and COPS Programs

Reviews From Previous Edition

"If you're a novice at computer security and want to learn, get this book and set aside time to read some of it every day. The bookmark will move slowly, but keep moving it. If you're already an expert, get this book and keep it at hand as a reference--and read a chapter a month, just to remind yourself of things you've forgotten."
--Jennifer Vesperman, linuxchix.org

"If you know nothing about Linux security, and only have time for one book you should start with 'Practical Unix and Internet Security.' It's a fat book, but its accessible, and it gives you a solid grounding in the basics."
--Charlie Stross, Linux Format, May 2002

"If you're a TCP/IP network administrator, these three books published by O'Reilly on networking {'DNS & BIND;' 'TCP/IP Network Administration;' 'Practical Unix & Internet Security'} are indispensable. These three guides are essential to managing a TCP/IP Network."
--http://it-enquirer.com, March 2002

Hide extended reviews

• 
  

---

• Table of Contents
• Index
• Sample Chapter
• Colophon
• Register Your Book
• View/Submit Errata
• View/Submit Review