Practical UNIX and Internet Security

摘要: Preface Part I. Computer Security Basics 1. Introduction: Some Fundamental Questions What Is Security? an Operating System? a Deployment Environment? 2. Unix History and Lineage of Role This Book 3. Policies Guidelines Planning Your Needs Risk Assessment Cost-Benefit Analysis Best Practices Policy Compliance Audits Outsourcing Options The Problem with Through Obscurity II. Building Blocks 4. Users, Passwords, Authentication Logging in Usernames Passwords Care Feeding How Implements Network Account Authorization Systems Pluggable Modules (PAM) 5. Groups, the Superuser Users Groups (root) su Command: Changing Who You Claim to Be Restrictions on 6. Filesystems Understanding File Attributes Permissions chmod: File's umask SUID SGID Device Files Owner or Group 7. Cryptography Symmetric Key Algorithms Public Message Digest Functions 8. Physical for Servers Forgotten Threats Protecting Hardware Preventing Theft Data Story: A Failed Site Inspection 9. Personnel Background Checks On Job Departure Other People III. Internet 10. Modems Dialup Modems: Theory Operation Additional 11. TCP/IP Networks Networking IP: Protocol IP 12. Securing TCP UDP Services Controlling Access Primary Managing Securely Putting It All Together: An Example 13. Sun RPC Remote Procedure Call (RPC) Secure (AUTH_DES) 14. Network-Based Sun's Information Service (NIS) NIS+ Kerberos LDAP 15. NFS Server-Side Client-Side Improving Last Comments SMB 16. Programming Techniques One Bug Can Ruin Whole Day ... Tips Avoiding Security-Related Bugs Writing Programs SUID/SGID Using chroot( ) Generating Random Numbers IV. Operations 17. Keeping Up Date Software Management Updating System 18. Backups Why Make Backups? Backing 19. Defending Accounts Dangerous Monitoring Format Restricting Logins Dormant root One-Time Administrative Conventional Intrusion Detection 20. Integrity Need Detecting Changes After Fact Integrity-Checking Tools 21. Auditing, Logging, Forensics Log Utilities Process Accounting: acct/pacct Program-Specific Designing Site-Wide Handwritten Logs V. Handling Incidents 22. Discovering Break-in Prelude Intruder Cleaning Case Studies 23. Against Programmed Threats: Definitions Damage Authors Entry Yourself Attacks 24. Denial Solutions Types Destructive Overload 25. Crime Legal Criminal Hazards Subject Matter 26. Do Trust? Trust Computer? Suppliers? People? VI. Appendixes A. Checklist B. Processes C. Paper Sources D. Electronic Resources E. Organizations Index