Practical Unix & Internet Security, 3rd Edition
Simson Garfinkel | Gene Spafford | Alan Schwartz


The world's most business-critical transactions run on Unix machines, which means the machines running those transactions attract evildoers. Furthermore, a lot of those machines have Internet connections, which means it's always possible that some nefarious remote user will find a way in. The third edition of Practical Unix & Internet Security contains--to an even greater extent than its favorably reputed ancestors--an enormous amount of accumulated wisdom about how to protect Internet-connected Unix machines from intrusion and other forms of attack. This book is fat with practical advice on specific defensive measures (to defeat known attacks) and generally wise policies (to head off as-yet-undiscovered ones).

The authors' approach to Unix security is holistic and clever; they devote as much space to security philosophy as to advice about closing TCP ports and disabling unnecessary services. They also recognize that lots of Unix machines are development platforms, and make many recommendations to consider as you design software. It's rare that you read a page in this carefully compiled book that does not impart some obscure nugget of knowledge, or remind you to implement some important policy. Plus, the authors have a style that reminds their readers that computing is supposed to be about intellectual exercise and fun, an attitude that's absent from too much of the information technology industry lately. Read this book if you use any flavor of Unix in any mission-critical situation. --David Wall

Topics covered: Security risks (and ways to limit them) under Linux, Solaris, Mac OS X, and FreeBSD. Coverage ranges from responsible system administration (including selection of usernames and logins) to intrusion detection, break-in forensics, and log analysis.


1 A mile wide, several inches deep, great for filling in gaps
I hate to repeat the cliche, but if you can only buy one security book this year and you are a *nix geek, this should be it, hands down. As some point out, you can probably find everything in this book online, but then again you can find anything online, so why buy any books at all? I don't like giving 5 stars; this book left me no choice.

The strength of this book lies in several areas. First, the authors probably have 50+ years experience between them and it shows. You really get the impression that they've "been there, done that". But they don't try and "wow" you with their intelligence and they aren't condescending, in fact they write quite clearly.

The "mile wide" crack I made in the title refers to the fact that this book covers everything from physical security and social engineering, to how to set up integrity checking with tripwire and use PAM. Basically I found this book to be invaluable because while I could breeze through certain sections, there was a ton of material that I needed more knowledge about, but either never got around to it, or didn't even know I was lacking. An example is NFS. I knew I needed more background about NFS because I work in infosec, but every place I've ever worked has banned NFS outright, which makes it a little more difficult to learn.... Another 2 technologies pop into my mind: LDAP and PAM. I knew what they were, but now I know how to set up the basics and can branch out on my own.

In our infosec world it's simply not possible to know everything. This book gives the reader a solid grounding in a ton of stuff, which enables him to go out and Google around intelligently for more advanced information. In a pinch it can also be used as an anti-theft device since it weighs in at 900+ pages and is quite heavy.


2 Awesome security book!
Practical Unix & Internet Security, the 3rd Edition has a ton of new useful information.

If you have but one security reference, this should be it!


3 Best for beginners
As a Linux administrator, I ordered this book hoping to find out how hackers typically gain access to systems and neat little tricks for locking down my system, as well as detecting and dealing with intruders. While Practical Unix & Internet Security did cover these topics, it covered little I didn't already know.

Significant time is spent explaining how unix-based systems work. The book covers things such as file systems, partition structure, file ownership/permissions, users and groups, inodes, ssh, backups, etc. Each command, utility, procedure or feature is detailed over several pages followed by an explanation of what you should be doing with said topic.

There are also a few real-world examples here and there; stories most of us have heard before, like the admin who had . in his path.

Unlike many computer books, this one is well written and an easy read, and it's certainly a lot more friendly than some unix geeks whose advice consists of RTFM.

I think this book would be great for someone who has a very basic understanding of unix-based systems but has never administrated one before, but for those of us who've already had some experience running unix there's probably not anything new here for you.


4 One excellent security resource!!
Practical, indeed, and insightful! Loaded with security principles and procedures to enforce those principles. A valuable, lasting security guide for its principles alone; this is not one of those books that will be obsolete in a couple years. Very broad, covering all major aspects of computer security; it's like many books in one. Teaches the whats, whys, and hows of each aspect. Also contains some history as well as some humorous accounts. Descriptions and procedures are applied to the most popular Unix systems (focuses on Solaris, Mac OS X, Linux, & FreeBSD, but discusses many more). Very educational, understandable, and practical--even for newbies like me desiring to lock down their system. Appendix contains a helpful security checklist summarizing each chapter's content.


5 Outstanding resource for Network Security
Book Review
By: Brett

Practical Unix & Internet Security

Wow, where to begin. First I would like to say that my forte is Network security and this book really covered it all.
Had nice presentation, easy to follow and was very detailed. From the opening line to the last page this book has
something for everybody that is interested in keeping their computers and network secure and safe!
I have tried several of the what-if's and scripts provided or recommended settings on my own network and they
worked as described. There was a lot of research put into this book and also timely material so as to not be outdated
when it hits the shelves. The Appendixes were an especially nice touch with loads of valuable information and checklist.
I would not hesitate to recommend this book to everyone from Novices on their home computer to Network admins
running multi billion dollar operations.
Again very well done!
~Brett~
...


6 A great resource
Being relatively new to unix security, I've found this book to be an immense help. It provides both a quick and easy reference to the generalities of security, while providing more in-depth information when necessary. With its help, I feel relatively confident about the security of my home network.

I was also pleased to see that many of the concepts covered for larger implementations were noticeable in the security policies and paradigm of my workplace, which makes use of numerous LANs and WANs for day to day business, many of which require security and confidentiality.

I would highly recommend this book to anyone interested in unix and internet security, be they new to the field or firmly established.


7 Little Giant. . . Vade Mecum
The second edition of this book was my security vade mecum for the last 8 years. From what I can foresee, this third edition will play the same role for (at least) the next three years.

When you are required as a security expert, several tasks are usually to be faced:

New scenarios to analyze?, checklists to recommend?, good firewall architectures to suggest?, logs to watch? (and so on). Don't worry, with the only help of this Garfinkel, Spafford and Schwartz 'little giant' book, you are done.

Excellent book. A Must for security people.


8 Little old but still a valuable classic
Practical UNIX and Internet Security by Garfinkel and Spafford is a fundamental work on the subject. The authors not only are widely respected professionals in the field, but good writers as well (or is this O'Reilly's editors? :-). Anyway, this book despite its size is readable, still has lots of information, and comes highly recommended. As one of the other reviewers of this book has written, the details of systems and software may change, but the underlying security and good management practices will not. The reason I give it 4 out of 5 stars is because it was published a while ago.
Edgar Danielyan CCNP(Security) ISA www.danielyan.com


9 don't waste your money
This book is seriously outdated, and even when it wasn't it was useless. Don't be fooled by the five star reviews; they are most likely written by people who are a.) friends of spaf or b.) have no clue about computer security. Eugene Spafford likes to talk, but he has little skill. He would rather waste his time preaching his opinions on vulnerability disclosure than take the time to get a clue. Don't get this book unless you are looking for a few laughs. I could write one paragraph on unix security, and if you took my advice you would be much more secure than if you read this whole useless book. What gives Spafford the right to write a book on this subject anyway? He himself was hacked by known vulnerabilities several times, and that has been documented in the book "Underground". Looking at all the five star reviews for this book makes me realize why most networks are insecure; because the people who run them read this (...) and think they are locked down. I could go on and on, but I'm not going to.


10 IA Professionals should have this book memorized
This is the first book a person considering a career as an Information System Security Professional (ISSP) should read. If you are an ISSP, get this book. If you fall asleep reading it, you may want to think about another career. This book provides the fundamentals and will help you to understand information security manuals. ISSPs speak their own language with multiple acronyms and terms such as I&A, IDS, Orange Book, DAC, MAC, etc.


11 No better Unix/Internet security book exists...
Sure, it's a bit dated, but it's still the best book on this subject. It doesn't go into as much depth in certain areas as other books might (e.g., "Building Internet Firewalls, 2nd Edition", By Elizabeth D. Zwicky, Simon Cooper & D. Brent Chapman, published by O'Reilly & Assoc.), but then it covers a much broader array of subjects.

If you're a Unix admin but your primary job is not Security, then this probably needs to be one of your core books on your bookshelf. If you are a Security admin, then this book should be the core of a whole collection of books you need.


12 Basic introduction
A very good introduction to UNIX and Security. There is valuable information even for experts, however you have to dig for it. In general the book reads like a story book and is very easy to understand. This is a disadvantage sometimes when you just want to refer to something and you have to go through pages and pages of not so useful information.


13 Definitive Guide to a Wide Variety of Security Issues
I read the first few chapters of this book, gave up on it for a few months and then came back and finished it over the past month. Although some of the material is dated, there is a great deal of practical value in this book. One of my favorite sections was on encryption. The authors do an in-depth treatment of DES, RSA, MD5 and other types of encryption/cryptography, even going into the algorithms used and what makes them difficult to crack. I also enjoyed the section on different types of log files and the treatment of different services - particularly the parts about X Windows and monitoring with Netstat. There were some sections in the middle that were a little slow - particularly the sections on physical and personnel security and the talk about telephones and modems. While this is useful info, perhaps it could be presented a little better. The section on the world wide web is definitely dated but the treatment of rpc and name services (DNS,NIS,NIS+) is excellent. I also enjoyed the authors' description of how to set up a secure network and liked reading about computer security and the law. All in all I enjoyed this book and look forward to the 3rd edition.


14 A thorough book in an ever changing environment
This book is a very thorough hands-on guide to the subject of security for unix computers connected to the Internet.

It starts with basic subjects, such as passwords, backups, security auditing & logging, and physical security, and then continues with networking subjects, such as modems, TCP/IP, NFS, kerberos, firewalls, proxies, etc. Important issues and terms are intertwined - such as what is the rainbow series and legal issues.

The subject of computer & Internet security is changing quickly, and as other reviewers have written a book written a couple of years ago (I have the 1996 edition) is no longer up to date.

But I think it's a minor issue.

First, because one must still learn and protect against older attacks - an intruder will not shy away from trying to use an old security hole just because it's two months old. Hacks are not cheese, and can't be thrown out after two weeks.

Second, a sysadmin should get the basic information, terms, ways of thought, etc - and this book will teach this well - and then continuously look for new information and information sources.

This includes finding out about bugtraq, ntbugtraq, phrack, and any other new mailing lists and web sites regularly.

So I highly recommend this book to anyone who deals with the subject of unix & internet security.


15 My first intro to computer security; dated, but valuable
I am responsible for a 50+ person intrusion detection mission, and this was the first book I ever read on computer security. I started reading it in early 1998 while assigned to a HQ planning unit, after a UNIX instructor in England recommended it as "the Bible" of security. Back then the book was two years old. Now, four years on, some may argue the material is getting dated. Anyone interested in building a training program for a mostly UNIX shop would find the underlying structure and most material of the book extremely useful. While works dealing with standards tend to weather well, like Richard Stevens' "TCP/IP Illustrated" series, this book may be showing its age. Nevertheless, until you hear that edition three is in the wings, I still recommend this volume. Any news on the next edition, Simson and Spaf?


16 Excellent Reference/Information Work
An O'Reilly classic, this book belongs in the library of any system or network administrator, right next to Chapman and Zwicky's "Building Internet Firewalls" and Frisch's "Essential System Administration". In the style of other O'Reilly works, this one gives a great overview and explanation of many topics in security, with helpful appendices including a checklist, emergency response teams (FIRST, CERT, etc.) and more. Well organized and much improved in the 2nd ed. (I also have the 1st ed.), it has aged well.


17 If you only read one book this year...
If you have anything to do with network administration, security or management, this is a "must read" book.

Common (and not-so-common) security situations are explained clearly, with good background and examples. Even the most basic sysadmin to the haughtiest guru can learn something from this book.


18 An excellent book for the computer auditor!
The best beginner's guide to UNIX security and computer security in general I have ever read. In fact the only technical book I have read and enjoyed! This book explains first principles in computer security in an understandable way. This is particularly useful for computer auditors, who may not be technically competent in UNIX. I used this book to develop security audit programs for backup and recovery, incident management, basic UNIX security review and risk management. Consequently I was hailed as a hero and a guru by management! New computer auditors should buy this now!


19 Excellent General Introduction
This is a superb discussion of networked-system security, in general. It doesn't pretend to be an up-to-the-minute shopping list of security flaws: that job is better left to web sites. Instead, the text educates readers with a conceptual idea of Computer Security that can be applied successfully to existing systems, and to systems not yet built. It's exactly the sort of educational value that we'd expect from simsong and spaf.

But it does go beyond theoretical education, to explain with great clarity fundamental issues in system security. Covering everything from physical security to filesystem quirks, this tome is fascinating in its scope. I have found the special section on writing solid network applications (CGI programs, and the like) to be of great value.

In short, this book provides the Common Body of Knowledge in computer security. Start here, and you'll have the basis for a comprehensive understanding of related issues -- one that transcends the individual bugs to see the bigger picture.


21 Book delivers answers to most important security questions.
This book is the textbook for a UNIX and Network Security course given by Victor Hazelwood at the San Diego Supercomputer Center. It presents important and immediate security issues a UNIX System Administrator or IT manager must face, and clearly shows how to protect your systems from unwanted intrusion. Worth having for the security references alone. This is a MUST HAVE reference for ALL UNIX System Administrators.


22 Very Important Book
This is a must-have for the new Unix admin. The book won't explain how attacks are done - the book objectively tells what the admin must do to avoid the most common attacks. I guess that for most admins, this is just what they need. Just don't expect to learn much on the nature of the attacks, just on how to defend against them.


23 Great.
I thought this book was great; it extends my knowledge of security in general (TCP IP, Firewalls, WWW, etc), and isn't that difficult to understand. I do find it interesting, however, that the co-author of a book on UNIX Security is the co-author of the UNIX Haters' handbook.. ?


24 Best and easiest to understand book about UNIX Security
This was the first book I have ever read in English and about UNIX Security. I used it to set up a Linux Gateway/Router and although my mother tongue is German it was right that book I needed, without tons of parameters and commands - that can you find in help files and man pages! If I want to buy a book there should be described how a firewall works and how to set it up - and not what to type at the command line exactly, because that demands on the used type and version of the OS. This book is really great!


25 Extremely useful, but basic and dated
I read this book and found it to be a great help. I did not know the basics of Unix security. This book was a great start. I read this book over a year ago, and still occasionally refer to pieces of it, (like when I was setting up tripwire, or when I want to find a "well known port".) However, for these days there should be a few additional tips: 1) subscribe to every security mailing list you can find 2) get on your vendor's mailing list 3) get the latest vendor supplied patches 4) beware of buffer overflows and suid programs 5) stay aware of what your logs are telling you 6) keep up with what's happening on the newsgroups and IRC, if possible.

I'd say that most break-ins are the result of not fixing a known hole, either through ignorance or wishful thinking. If you have a known hole, fix it.


26 Sub Par Performance from a Sub Par Author
the book contains little to no information that any intro security book hasn't already covered, the author of the UNIX Hater's book is definitely showing his general disinterest in security for unix ... why he wrote this book is beyond me ... to sum up: don't waste 30-odd dollars for this .. if ya see another security book on the shelf .. try it can't be much worse


27 outdated and light on internet security
I should have paid more attention when I bought this book in a series of security books and I regret this buy. Its "best seller" position is IMO unjustified because the networking/internet sections (10 total lines on SSL!, mentions of Netscape 2.0b2, nothing on ICMPs attacks, 3 lines about spoofing...) are completely outdated and/or pretty useless.


28 Excellent book for those securing any TCP/IP network
This book covers a wide range of topics regarding internet security. For *NIX admins, a very good source of information about securing your network against the outside. For other Non-*NIX people, still very worth while for the coverage about securing TCP/IP networks in general, and understanding the various implications of running certain internet services.


29 Recommended with reservations for students & hobbyists only
Somewhat outdated -- two years old in a very dynamic field, Rootkit is not even mentioned, Bugtraq mentioned only in supplement, etc. Far from being practical and can be used only as an introductory text in Unix security. Not recommended for Internet security (superficial and incomplete). Good style -- Simson Garfinkel of The UNIX-Haters Handbook fame is a really talented journalist (but now only a journalist, see his interview with Amazon.com). The main problem with the book is that instead of relying on tools as any Unix author should, the authors use a cookbook/reference approach giving recipes about improving security. References to important RFCs, FAQ and CERT advisories are absent. For example RFC1244 (now superseded by RFC2196) is not mentioned in index (and probably in the text as well) although Ch.2 and Ch.24 mirror its content. No attempts were made to explain what tools can be used for checking/fixing particular class of problems or to present a bigger picture in which the flaw exists. Typesetting is very primitive. Although one of the authors is a (former) programmer judging by just the book content it is difficult to believe that he is able to spell PERL :-). The book is not updated enough to compete with newer books on Internet Security. For corporate users possible alternatives are combinations of one book on Unix security (for example, Unix System Security by David A. Curry) and one book on Internet security (for example Actually Useful Internet Security Techniques by Larry J. Hughes). The last is recommended as an alternative for readers who cannot afford two books. Often books written by a specialist in particular areas can be a better deal than books from security folks. For example TCP/IP Network Administration by Craig Hunt contains a lot more information about how to properly configure TCP/IP than this book and in Ch.12 has a very decent overview of security in just 40 pages.


30 Disappointing
Had this book cost me $5, I would've been perfectly happy with it, but for over $30... These people have written a lot, but said little. They did mention a few things to watch out for, but this could've been fit in under 50 pages. The rest is reiteration of trivial. Some topics, like cryptography, were a bait, but haven't been covered in depth. And, boy, about a third of the book talks about stuff from intro UNIX texts. I tend to think that people concerned with UNIX security know how to move between directories. Also worth knowing that Garfinkel co-authored so called "UNIX haters notebook". His prejudice shows.


31 Perfect
If UNIX security is part of your world and
you only have the budget for one book, this is
the one to buy! It is GREAT and a must have.


32 It's really Unix security with Internet thrown in
Great book on Unix security. I bought the first edition when it first came out. It was great. Once I saw the second edition I immediately bought it too. What a disappointment. The Internet security aspects of the book were quick and dirty, while the Unix security was excellent. I hate to say it but could it be that Internet sells better than Unix? Tom Cooper


33 Incredible!
This book opens up your mind to the various aspects of security in a Unix environment, and teaches you thousands of things about TCP/IP, Kerberos, and even how to handle suspended accounts! With examples of shell scripts and illustrations of how computers interact, it is a masterpiece for any system administrator who needs or wants to learn more about security and the internet in general.

Thursday, 20-Nov-2008 09:15:11 CST