Information Security News mailing list archives

REVIEW: "UNIX System Security Tools", Seth Ross


From: mea culpa <jericho () DIMENSIONAL COM>
Date: Sat, 22 Jan 2000 00:36:17 -0700

From: "Rob Slade, doting grandpa of Ryan and Trevor" <rslade () sprint ca>

BKUNSSTL.RVW   991002

"UNIX System Security Tools", Seth Ross, 2000, 0-07-913788-1, U$39.99
%A   Seth Ross seth () albion com
%C   300 Water Street, Whitby, Ontario   L1N 9B6
%D   2000
%G   0-07-913788-1
%I   McGraw-Hill Ryerson/Osborne
%O   U$39.99 905-430-5000 800-565-5758 fax: 905-430-5020
%P   444 p. + CD-ROM
%T   "UNIX System Security Tools"

I must admit, I got a bit apprehensive when the preface stated that the
author had evaluated "over three dozen" security tools, chose a half dozen
to cover in depth, and did not intend to be a UNIX security primer.  Any
UNIX sysadmin with a basic knowledge of security could probably name off a
few dozen security tools, many shipped with the operating system itself.

I need not have worried overmuch.

Chapter one has a brief history of UNIX, and then attempts a definition of
security that vacillates between broad and narrow, is long on quotations
from names in the field, and fails to provide a single, working direction.
The outline of security planning given in chapter two is quite good,
although it has some gaps and weak areas, such as the very terse coverage
of security policies.  An informative review of account and password
security is presented in chapter three. Means of, and tools for, extending
account security are described in chapter four, and the venerable Crack
program is given more space in chapter five.  Chapter six looks in some
depth at the filesystem, but also does a very quick once-over of
cryptography and backups. Tripwire, which detects file changes, is covered
in chapter seven. Logging and auditing is explained in chapter eight and
the Swatch logging management program is reviewed in nine.

Chapter ten moves from particular areas into the field of overall security
and security checking.  The COPS and Tiger vulnerability checking programs
are discussed in chapters eleven and twelve.

Chapter thirteen gives some background on TCP/IP networking and UNIX
network functions.  A number of Internet applications are described in
chapter fourteen, with HTTP (HyperText Transfer Protocol) and the World
Wide Web covered in fifteen.  Firewalls are given separate space in
chapter sixteen.

Ross has provided a useful reference for those who have not studied, and
cannot devote much time to, security.  As he keeps repeating, this is not
going to secure systems fully, but it is a reasonable guide to
incrementally increasing the security of what you have.

copyright Robert M. Slade, 1999 BKUNSSTL.RVW 991002
