- STAFF PICKS
- GIFTS + GIFT CARDS
- SELL BOOKS
- FIND A STORE
Used Mass Market
Usually ships in 5 to 7 business days
available for shipping or prepaid pickup only
Practical Unix & Internet Security 2ND Editionby Simson Garfinkel
Synopses & Reviews
When Practical UNIX Security was first published in 1991, it became an instant classic. Crammed with information about host security, it saved many a UNIX system administrator and user from disaster.This second edition is a complete rewrite of the original book. It's packed with twice the pages and offers even more practical information for UNIX users and administrators. It covers features of many types of UNIX systems, including SunOS, Solaris, BSDI, AIX, HP-UX, Digital UNIX, Linux, and others. The first edition was practical, entertaining, and full of useful scripts, tips, and warnings. This edition is all those things — and more.If you are a UNIX system administrator or user in this security-conscious age, you need this book. It's a practical guide that spells out, in readable and entertaining language, the threats, the system vulnerabilities, and the countermeasures you can adopt to protect your UNIX system, network, and Internet connection. It's complete — covering both host and network security — and doesn't require that you be a programmer or a UNIX guru to use it.Practical UNIX & Internet Security describes the issues, approaches, and methods for implementing security measures. It covers UNIX basics, the details of security, the ways that intruders can get into your system, and the ways you can detect them, clean up after them, and even prosecute them if they do get in. Filled with practical scripts, tricks, and warnings,Practical UNIX & Internet Security tells you everything you need to know to make your UNIX system as secure as it possible can be.Contents include:
A practical guide that describes system vulnerabilities and protective countermeasures, this book is the complete reference tool. Contents include UNIX and security basics, system administrator tasks, network security, and appendices containing checklists. The book also tells you how to detect intruders in your system, clean up after them, and even prosecute them.
When Practical UNIX Security was first published in 1991, it became an instant classic. Crammed with information about host security, it saved many a UNIX system administrator and user from disaster.
When Practical UNIX Security was first published in 1991, it became an instant classic. Crammed with information about host security, it saved many a UNIX system administrator and user from disaster. This second edition is a complete rewrite of the original book. It's packed with twice the pages and offers even more practical information for UNIX users and administrators. You'll find coverage of features of many types of UNIX systems, including SunOS, Solaris, BSDI, AIX, HP-UX, Digital UNIX, and Linux. Practical UNIX and Internet Security includes detailed coverage of Internet security and networking issues, including World Wide Web security, wrapper and proxy programs, integrity management tools, secure programming, and how to secure TCP/IP services (e.g., FTP, SMTP, DNS). Chapters on host security contain up-to-date details on passwords, the UNIX filesystem, cryptography, backups, logging, physical security, telephone security, UUCP, firewalls, and dealing with breakins. You'll also find extensive summary appendixes on freely available security tools, references, and security-related organizations.
Includes bibliographical references (p. 877-888) and index.
About the Author
Simson Garfinkel is a computer security researcher and an award-winning commentator on information technology. Among his twelve books are "Database Nation: The Death of Privacy in the 21st Century" (O Reilly, 2001) and "Practical UNIX and Internet Security, Third Edition" (O Reilly, 2003). A columnist for "CSO" magazine, Garfinkel s columns earned the 2004 and 2005 Jesse H. Neal National Business Journalism Award. He recently received his Ph.D. in computer science from MIT.
Beth Rosenberg is a writer, editor, and journalist with fifteen years of experience in emerging technologies. She has written for the "Boston Globe," "Boston" magazine, and the "Christian Science Monitor," and edited a book for Harvard s Kennedy School of Government.
Spafford is a professor at Purdue University, and Director of CERIAS.
Table of Contents
Table of Contents Preface to the Second Edition UNIX "Security?" What this Book is. What This Book isn't Scope of This Book Which Unix System? "Secure" Versions of Unix Conventions Used in This Book Obtaining the Examples Acknowledgments First Edition Second Edition Comments and Questions A Note to Nitpickers and Computer Crackers 1. Introduction What Is Computer Security? What Is an Operating System? History of UNIX Security and UNIX Expectations Software Quality Add-On Functionality Breeds Problems Role of This Book 2. Policies & Guidelines Planning your Security Needs Trust Risk Assessment A Simple Assessment Strategy Identifying Assets Identifying Threats Quantifying the Threats Review Your Risks Cost-Benefit Analysis The Cost of Loss The cost of prevention Adding up the Numbers Risk Cannot Be Eliminated Convincing Management Policy The Role of Policy Standards Guidelines Some Key Ideas in Developing a Workable Policy Assign an Owner Be positive Remember that employees are people too Concentrate on education Have authority commensurate with responsibility Pick a basic philosophy Defend in Depth The Problem with Security Through Obscurity Going Public Confidential Information Risk Management Means Common Sense 3. Users and Passwords Usernames Passwords The /etc/passwd File The /etc/passwd File and Network Databases Authentication Passwords are a Shared Secret Why Use Passwords? Conventional UNIX Passwords Entering Your Password Changing Your Password Verifying Your New Password The Care and Feeding of Passwords Bad Passwords: Open Doors Smoking Joe Good Passwords: Locked Doors Passwords on Multiple Machines Writing Down Passwords One-Time Passwords Summary 4. Users, Groups, and the Superuser Users and Groups User Identifiers (UIDs) Multiple Accounts with the Same UID Groups and Group Identifiers (GIDs) The /etc/group File Groups and Early System V Unix Groups and BSD or System V.4 Unix Special Usernames The Superuser Any username can be the superuser Superuser is not for casual use What the Superuser Can Do What the superuser can't do The Problem with the Superuser Other Special Users Impact of the /etc/passwd and /etc/group Files on Security su: Changing Who You Claim to Be Real and Effective UIDs Becoming the Superuser Using su with Caution Restricting su The Bad su Log The sulog under Berkeley UNIX Other Uses of su Summary 5. The UNIX Filesystem Files Directories Inodes Current Directory and Paths Using the ls Command File Times Understanding File Permissions File Permissions in Detail Using File Permissions chmod: Changing a File's Permissions Changing a File's Permissions Calculating Octal File Permissions Using Octal File Permissions Access Control Lists AIX Access Control Lists HP-UX access control lists The umask The umask Command Common umask Values Using Directory Permissions SUID SUID, SGID, and Sticky Bits Problems with SUID SUID Shell Scripts write: Example of a Possible SUID/SGID Security Hole Another SUID Example: IFS and the /usr/lib/preserve Hole Finding All of the SUID and SGID Files The ncheck Command. Turning Off SUID and SGID in Mounted Filesystems SGID and Sticky Bits on Directories SGID Bit on Files (System V UNIX Only) Device Files chown: Changing a File's Owner chgrp: Changing a File's Group Oddities and Dubious Ideas Dual-universes Context-Dependent Files Summary 6. Cryptography A Brief History of Cryptography Code Making and Code Breaking Cryptography and Digital Computers Modern Controversy What is Encryption? What You Can Do with Encryption The Elements of Encryption Cryptographic Strength Why Use Encryption With UNIX? The Enigma Encryption System Common Cryptographic Algorithms Summary of Private key systems: Summary of Public key systems: ROT13: Great for Encoding Offensive Jokes DES Use and Export of DES DES Modes DES Strength Improving the Security of DES Double DES Triple DES RSA and Public Key Cryptography How RSA Works An RSA Example Strength of RSA An Unbreakable Encryption Algorithm Proprietary Encryption Systems Message Digests and Digital Signatures Message Digests Using Message Digests Digital Signatures Common Digest Algorithms MD4 and MD5 Message Digest Functions SHA HAVAL SNEFRU Other Codes Checksums Message Authentication Codes Encryption Programs Available for UNIX UNIX crypt(1): The Original UNIX Encryption Command The crypt(1) algorithm Ways of Improving the Security of crypt Example des(1): The Data Encryption Standard PGP: Pretty Good Privacy Encrypting Files with IDEA Creating Your PGP Public Key Encrypting A Message Adding a Digital Signature to an Announcement Decrypting Messages and Verifying Signatures PGP Detached Signatures Encryption and U.S. Law Cryptography and the U.S. Patent System Cryptography and Export Controls 7. Backups Make Backups! Why Make Backups? A taxonomy of computer failures What Should You Back Up? Types of Backups Guarding against media failure How Long Should You Keep a Backup? Security for Backups Physical security for backups Write-protect your backups Data security for backups Legal Issues Sample Backup Strategies Individual Workstation Backup plan Media Rotation. Small Network of Workstations and a Server Backup plan: Retention schedule Large Service-Based Network with Small Budgets Backup plan: Retention schedule: Large Service-based Networks with Large Budgets Deciding upon a backup Strategy Backing up System Files What Files to Back up? Building an Automatic Backup System Software for Backups Simple Local Copies Simple Archives Specialized Backup Programs Encrypting your backups Backups Across the Net Commercial Offerings inode modification times 8. Defending Your Accounts Dangerous Accounts Accounts Without Passwords Default Accounts Accounts That Run a Single Command Open Accounts Restricted Shells under System V Unix Restricted Shells Under Berkeley Versions Restricted Korn Shell No Restricted bash How to Set Up a Restricted Account with rsh Potential Problems with rsh Restricted File System Limited users Checking new software Group Accounts Monitoring File Format Restricting Logins Managing Dormant Accounts Changing an Account's Password Changing the Account's Login Shell Finding Dormant Accounts Protecting the root Account Secure Terminals The wheel Group TCB and Trusted Path Trusted Path Trusted Computing Base The UNIX Encrypted Password System The crypt() Algorithm What Is Salt? What the Salt doesn't do Crypt16() and Other Algorithms One-Time Passwords Integrating one-time passwords with Unix Token Cards Code Books Administrative Techniques For Conventional Passwords Assigning Passwords to Users Constraining Passwords Cracking Your Own Passwords Joetest: a Simple Password Cracker The Dilemma of Password Crackers Password Generators Shadow Password Files Password Aging and Expiration Algorithm and Library Changes Disabling an Account by Changing its Password Account Names Revisited: Using Aliases for Increased Security 9. Integrity Management Prevention Immutable Filesystems Read-only Filesystems Detecting Change Comparison copies Local copies Remote Copies Rdist Checklists Simple Listing Ancestor directories Checksums Tripwire Building Tripwire Running Tripwire A Final Note 10. Auditing and Logging The Basic Log Files The lastlog File The utmp and wtmp Files The su command and the /etc/utmp and /var/adm/wtmp files The last Program Pruning the wtmp File The loginlog file The acct/pacct log File Accounting with System V Accounting with BSD The messages logfile Program-Specific Log Files The aculog file The sulog logfile The xferlog logfile uucp Log Files The access_log logfile Logging Network Services Other Logs Per-User Trails in the File System Shell History Mail Network Setup The UNIX System Log (syslog) Facility The syslog.conf Configuration File Where to Log Logging to a printer Logging across the network Log Everything Everywhere Syslog Messages Beware False Log Entries Swatch: A logfile tool Running Swatch The Swatch Configuration File Manual Logs Per-site Logs Exception and activity reports Informational material Per-Machine Logs Exception and activity reports Informational material Managing Log Files 11. Protecting Against Programmed Threats Programmed Threats: Definitions Security Tools Back Doors and Trap Doors Logic Bombs Trojan Horses Viruses Worms Bacteria and Rabbits Damage Authors Entry Protecting Yourself Shell Features PATH Attacks IFS Attacks HOME Attacks Filename Attacks Start-up File Attacks .login, .profile, /etc/profile .cshrc, .kshrc GNU .EMACS .exrc .forward, .procmailrc Other Files Other Initializations Abusing Automatic Mechanisms crontab Entries inetd.conf /usr/lib/aliases, /etc/aliases, or /etc/sendmail/aliases The at Program System Initialization Files Other Files Protecting Your System File Protections World-writable User Files and Directories Writable System Files and Directories Group-writable Files World-readable Backup Devices Shared Libraries 12. Physical Security One Forgotten Threat The Physical Security Plan Protecting Computer Hardware The Environment Fire Smoke Dust Earthquake Explosion Temperature Extremes Bugs (Biological) Electrical Noise Lightning Vibration Humidity Water Environmental Monitoring Preventing Accidents Food and Drink Physical Access Raised Floors and Dropped Ceilings Entrance Through Air Ducts Glass Walls Vandalism Ventilation Holes Network Cables Network Connectors Defending Against Acts of War and Terrorism Preventing Theft Physically Secure Your Computer Encryption Portables Minimizing Downtime Related Concerns Protecting Data Eavesdropping Wiretapping Eavesdropping by Ethernet and 10Base-T Eavesdropping by Radio & TEMPEST Auxiliary Ports on Terminals Fiber Optic Cable Protecting Backups Verify Your Backups Protect Your Backups Sanitize Your Media Before Disposal Backup Encryption Other Media Protecting Local Storage Printer Buffers Printer Output Multiple Screens X Terminals Function Keys Unattended Terminals Built-in Shell autologout X Screen Savers Key Switches Story: A Failed Site Inspection What we found... Potential for Eavesdropping and Data Theft: Easy Pickings Physical Access to Critical Computers Possibility for Sabotage: "Nothing to lose?" 13. Personnel Security Background checks On the Job Initial Training On-going Training and Awareness Performance Reviews and Monitoring Auditing Access Least-Privilege and Separation Departure Outsiders 14. Modems Theory of Operation Serial Interfaces The RS-232 Serial Protocol Originate and Answer Modems and Security One-way Phone Lines Caller-ID (CNID) Protecting Against Eavesdropping Kinds of Eavesdropping Protection Against Eavesdropping Modems and UNIX Hooking Up a Modem to Your Computer Setting Up the UNIX Device Checking Your Modem Originate Testing Answer Testing Privilege Testing Physical Protection of Modems Additional Security for Modems 15. UUCP 438 About UUCP The uucp Command uucp with the C Shell The uux Command The mail Command How the uucp Commands Work Versions of UUCP UUCP and Security Assigning Additional UUCP Logins Establishing UUCP Passwords Security of the L.sys and Systems Files Security in Version 2 UUCP USERFILE: Providing Remote File Access USERFILE Entries USERFILE Entries for Local Users Format of USERFILE Entry Without System Name Special Permissions Requiring Callback A USERFILE Example Some bad examples L.cmds: Providing Remote Command Execution Security in BNU UUCP The Permissions File Starting Up Name-Value Pairs A Sample Permissions File Permissions Commands uucheck: Checking Your Permissions File Additional Security Concerns Mail Forwarding for UUCP Automatic Execution of Cleanup Scripts Early Security Problems with UUCP UUCP Over Networks Summary 16. TCP/IP Networks Networking The Internet Who is on the Internet? Networking and Unix IPv4: The Internet Protocol Version 4 Internet Addresses IP networks Classical network addresses CIDR addresses Routing Hostnames The /etc/hosts file Packets and Protocols ICMP TCP UDP Clients and Servers Name Service DNS under UNIX Other naming services IP Security Link-level Security Security and Nameservice Authentication Other Network Protocols IPX SNA DECNet OSI XNS Summary 17. UNIX TCP/IP Services Understanding UNIX Internet Servers The /etc/services File Starting the Servers The /etc/inetd Program Controlling Access To Servers Notable UNIX Network Services systat (tcp port 11) FTP (tcp ports 20 & 21) FTP Passive Mode Using anonymous FTP Passive vs. Active FTP Setting up an FTP server Restricting FTP with the standard UNIX FTP server Setting up anonymous FTP with the standard UNIX FTP Server Allowing only FTP access tcp port 23: TELNET SMTP (Electronic Mail) (tcp port 25) sendmail and Security Using sendmail to receive email Improving the security of Berkeley Sendmail V8 TACACS (UDP port 49) Domain Name System (TCP and UDP port 53) DNS zone transfers DNS nameserver attacks TFTP (UDP port 69) finger (tcp port 79) The .plan and .project files Disabling finger Replacing finger HTTP (Hypter-Text Transfer Protocol) (tcp port 80) POP (Post Office Protocol) (tcp ports 109 & 110) udp & tcp port 111: Sun RPC's Portmapper Identification protocol (auth) (tcp port 113) NNTP (Network News Transport Protocol) (tcp port 119) NTP (Network Time Protocol) (udp port 123) SNMP (Simple Network Management Protocol) (udp ports 161 & 162) NSWS (NextStep Window Server) (tcp port 178) rexec (tcp port 512) rlogin and rsh (tcp ports 513 & 514) Trusted Hosts and Users The Problem with Trusted Hosts Setting Up Trusted Hosts The ~/.rhosts file Searching for .rhosts Files The /etc/hosts.lpd File rip (a.k.a. route) (udp port 520) UUCP over TCP (tcp port 540) The X Window System (tcp ports 6000-6063) /etc/fbtab and /etc/logindevperm X security The xhost facility Using Xauthority Magic Cookies Denial of Service Attacks Under X RPC rpc.rexd Other TCP ports: MUDs and Internet Relay Chat (IRC) Security Implications of Network Services Monitoring Your Network with netstat Network Scanning SATAN ISS PingWare Summary 18. WWW Security Security and the World Wide Web Running A Secure Server The Server's UID Understand Your Server's Directory Structure Configuration Files Additional Configuration Issues Writing Secure CGI Scripts and Programs Do Not Trust the User! Testing is not enough! Sending Mail Tainting with Perl Beware stray CGI scripts Keep Your Scripts Secret! Beware Mixing HTTP with Anonymous FTP Other Issues Controlling Access to Files on Your Server The access.conf and .htaccess file Command within the block Examples Setting up Web users and passwords Avoiding the Risks of Eavesdropping Eavesdropping Over the Wire Eavesdropping Through Log Files Risks of Web Browsers Executing Code from the Net Trusting Your Software Vendor Dependence on Third Parties Conclusion 19. RPC and Configuration Management Securing Network Services Sun's Remote Procedure Call (RPC) Sun's portmap/rpcbind RPC Authentication AUTH_NONE AUTH_UNIX AUTH_DES AUTH_KERB Secure RPC (AUTH_DES) Secure RPC Authentication Proving Your Identity Using Secure RPC Services Setting the Window Setting Up Secure RPC With NIS Creating Passwords for Users Creating Passwords for Hosts Making Sure Secure RPC Programs are Running on Every Workstation Using Secure NFS Mounting a Secure Filesystem Using Secure RPC Limitations of Secure RPC Sun's Network Information Service (NIS) Including or Excluding Specific Accounts: Importing accounts without really importing accounts NIS Domains NIS Netgroups Setting Up Netgroups Using Netgroups to limit the importing of accounts Limitations with NIS Spoofing RPC Spoofing NIS NIS is Confused about "+" Unintended Disclosure of Site Information with NIS NIS+ What NIS+ Does NIS+ Objects NIS+ Tables Using NIS+ Changing your password When a User's Passwords Don't Match NIS+ Limitations Kerberos Kerberos Authentication Initial Login Using the Ticket Granting Ticket Authentication, Data Integrity, and Secrecy Kerberos 4 vs. Kerberos 5 Kerberos vs. Secure RPC Installing Kerberos Using Kerberos Kerberos Limitations Other Network Authentication Systems DCE SESAME 20. NFS Understanding NFS NFS History File Handles MOUNT The NFS Protocol How NFS creates a reliable filesystem from a best-effort protocol Hard vs. Soft Connectionless and stateless NFS and root NFS Version 3 Server-Side NFS Security Limiting Client Access: /etc/exports and /etc/dfs/dfstab /etc/exports /usr/etc/exportfs Exporting NFS directories under System V: share(1) and dfstab The showmount Command Client-Side NFS Security Improving NFS Security Limit Exported and Mounted filesystems The example explained Export Read-only Use Root Ownership Remove Group Write Permission for Files And Directories Do Not Export Server Executables Do not Export Home Directories Use fsirand Set the portmon Variable Use Secure NFS Some Last Comments Well-Known Bugs For Real Security, Don't use NFS 21. Firewalls What's a Firewall? Default Permit vs. Default Deny Uses of Firewalls Anatomy of a Firewall: Dual-ported host: The First Firewalls Packet Filtering: A simple firewall with only a choke One Choke, One Gate: Screened host architecture Two chokes and One gate: Screened Subnet Architecture Multiple Gates Internal Firewalls Building Your Own Firewall Planning your Configuration Assembling the Parts Setting up the Choke Choosing the Choke's Protocols Example: Cisco Systems Routers as Chokes The access-list Command access-list: standard form access-list: extended form Seeing the Current Access Lists Protecting Virtual Terminals: The access-class command Protecting IP Interfaces: The ip access-group Command Using IP Accounting to Detect Access Violations Setting Up the Gate Name Service Electronic Mail Netnews FTP Creating an FTPOUT account to allow FTP without proxies. Finger Telnet and rlogin From Remote Sites into your Network Special Considerations Final Comments Firewalls Can Be Dangerous Firewalls Sometimes Fail Do You Really Need Your Desktop Machines on the Internet? 22. Wrappers & Proxies Why Wrappers? The TIS smap/smapd sendmail Wrapper What smap/smapd Do Getting smap/smapd Installing the TIS smap/smapd sendmail wrapper Possible Drawbacks tcpwrapper What TCP Wrapper Does Understanding Access Control Installing tcpwrapper Advanced tcpwrapper options Making sense of your tcpwrapper configuration files SOCKS What SOCKS Does Getting SOCKS Getting SOCKS Running SOCKS and Usernames SOCKS Identification Policy The SOCKS Server Configuration File: /etc/sockd.conf: NO_IDENTD and #BAD_ID Example /etc/sockd.conf configuration files The SOCKS Client Configuration File: /etc/socks.conf: Example /etc/socks.conf File UDP Relayer Getting UDP Relayer Writing Your Own Wrappers Wrappers that Provide Temporary Patches Wrappers that Provide Extra Logging 23. Writing Secure SUID and Network Programs One bug can Ruin Your Whole Day... The Lesson of the Internet Worm An Empirical Study of the Reliability of UNIX Utilities What They Found Where's the Beef? Tips on Avoiding Security-Related Bugs Network Programs Writing SUID/SGID Programs Using chroot() Passwords Use Message Digests for Storing Passwords Generating Random Numbers UNIX Pseudo-Random Functions rand() random() drand48(), lrand48(), mrand48() Other random number generators Picking a Random Seed A Good Random Seed Generator 24. Discovering a Break-in Prelude Rule #1: DON'T PANIC! Rule #2: DOCUMENT! Rule #3: PLAN AHEAD Discovering an Intruder Catching One in the Act What to Do When You Catch Somebody Monitoring the Intruder Tracing a Connection Other tip-offs How to Contact the System Administrator of a Computer You Don't Know Getting Rid of the Intruder Anatomy of a Break-in The Log Files: Discovering an Intruder's Tracks Cleaning Up After the Intruder New Accounts Changes in File Contents Changes in File and Directory Protections New SUID and SGID Files Changes in .rhosts Files Changes to the /etc/hosts.equiv File Changes to Start-up Files Hidden Files and Directories Unowned Files An Example Never Trust Anything Except Hardcopy Resuming Operation Damage control 25. Denial of Service Attacks and Solutions Destructive Attacks Overload Attacks Process Overload Problems Too Many Processes System Overload Attacks Disk Attacks Disk Full Attacks The quot Command Inode Problems Using Partitions to Protect Your Users Using Quotas Reserved Space Hidden space Tree Structure Attacks Swap Space Problems /tmp Problems Soft Process Limits: Preventing Accidental Denial of Service Network Denial of Service Attacks Service Overloading Message Flooding Signal Grounding Clogging 26. Computer Security and U.S. Law Legal Options After a Break-in Criminal Prosecution The Local Option Federal Jurisdiction Federal Computer Crime Laws Hazards of Criminal Prosecution If You or One of Your Employees is a Target of an Investigation.. Other Tips A Final Note on Criminal Actions Civil Actions Other Liability Munitions Export Copyright Infringement Software Piracy and the SPA Patent Concerns Trademark Violations Pornography and Indecent Material Harrassment, Threatening Communication, and Defamation 27. Who Do You Trust? Can you Trust Your Computer? Harry's Compiler Trusting Trust What the Superuser Can and Cannot Do Can You Trust Your Suppliers? Hardware Bugs Viruses on the Distribution Disk Buggy Software Hacker Challenges Security Bugs that Never Get Fixed Network Providers that Network Too Well Your Employees? Your System Admin? Your Vendor? Your Consultants? Response Personnel? What This All Means APPENDICES. A. UNIX Security Checklist B. Important Files System Files Important Files in Your Home Directory SUID Files in Berkeley UNIX SGID Files in Berkeley UNIX SUID Files in System V R3.2 UNIX SGID Files in System V UNIX C. UNIX Processes Processes Processes and Programs The ps Command Listing Processes on systems derived from System V Listing Processes with Berkeley-dervied versions of UNIX Process Properties Process Identification Numbers (PID) Process Real and Effective UID Process Priority and Niceness Process Groups and Sessions Creating Processes Signals The kill Command Starting Up UNIX and Logging In Process #1: /etc/init Letting Users Log In Running the User's Shell D. Paper Sources UNIX Security References Other Computer References Computer Crime and Law Computer-Related Risks Computer Viruses and Programmed Threats Cryptography Cryptography Papers and Other Publications General Computer Security Network Technology and Security Security Products and Services Information Understanding the Computer Security 'Culture' UNIX Programming and System Administration Miscellaneous References Periodicals Computer Audit Update Computer Fraud & Security Update Computer Law & Security Report Computers & Security E. Electronic Resources Mailing Lists Academic-Firewalls BugTraq CERT-Advisory Firewalls mailing list FWALL-Users RISKS WWW-Security Usenet Groups WWW Pages Telstra COAST Software Resources CERN HTTP Daemon Chrootuid COPS (Computer Oracle and Password System) Source Code by UUCP ISS (Internet Security Scanner) Kerberos Portmap SATAN SOCKS SWATCH TCP Wrapper TIGER TIS Internet Firewall Toolkit trimlog Tripwire UDP Packet Relayer wuarchive ftpd F. Other Sources Professional Organizations Association for Computing Machinery (ACM) American Society for Industrial Security (ASIS) Center for Computer Law Computer Security Institute (CSI) High Technology Crimes Investigation Association (HTCIA) Information Systems Security Association (ISSA) Internet Society IEEE Computer Society USENIX/SAGE Governmental Organizations Computer Emergency Response Team (CERT) National Computer Security Center (NCSC) National Institute of Standards and Technology (NIST) National Security Agency (NSA) Emergency Response Organizations Department of Energy's Computer Incident Advisory Capability (CIAC) Department of Justice (DOJ) Federal Bureau of Investigation (FBI) U.S. Secret Service (USSS) Forum of Incident and Response Security Teams (FIRST)
What Our Readers Are Saying
Other books you might like