Loading ...
Sorry, an error occurred while loading the content.
 

[techbooks] REVIEW: "UNIX System Security Tools", Seth Ross

Expand Messages
  • Rob Slade, doting grandpa of Ryan and Tr
    BKUNSSTL.RVW 991002 UNIX System Security Tools , Seth Ross, 2000, 0-07-913788-1, U$39.99 %A Seth Ross seth@albion.com %C 300 Water Street, Whitby,
    Message 1 of 1 , Jan 20, 2000
      BKUNSSTL.RVW 991002

      "UNIX System Security Tools", Seth Ross, 2000, 0-07-913788-1, U$39.99
      %A Seth Ross seth@...
      %C 300 Water Street, Whitby, Ontario L1N 9B6
      %D 2000
      %G 0-07-913788-1
      %I McGraw-Hill Ryerson/Osborne
      %O U$39.99 905-430-5000 800-565-5758 fax: 905-430-5020
      %P 444 p. + CD-ROM
      %T "UNIX System Security Tools"

      I must admit, I got a bit apprehensive when the preface stated that
      the author had evaluated "over three dozen" security tools, chose a
      half dozen to cover in depth, and did not intend to be a UNIX security
      primer. Any UNIX sysadmin with a basic knowledge of security could
      probably name off a few dozen security tools, many shipped with the
      operating system itself.

      I need not have worried overmuch.

      Chapter one has a brief history of UNIX, and then attempts a
      definition of security that vacillates between broad and narrow, is
      long on quotations from names in the field, and fails to provide a
      single, working direction. The outline of security planning given in
      chapter two is quite good, although it has some gaps and weak areas,
      such as the very terse coverage of security policies. An informative
      review of account and password security is presented in chapter three.
      Means of, and tools for, extending account security are described in
      chapter four, and the venerable Crack program is given more space in
      chapter five. Chapter six looks in some depth at the filesystem, but
      also does a very quick once over of cryptography and backups.
      Tripwire, which detects file changes, is covered in chapter seven.
      Logging and auditing is explained in chapter eight and the Swatch
      logging management program is reviewed in nine.

      Chapter ten moves from particular areas into the field of overall
      security and security checking. The COPS and Tiger vulnerability
      checking programs are discussed in chapters eleven and twelve.

      Chapter thirteen gives some background on TCP/IP networking and UNIX
      network functions. A number of Internet applications are described in
      chapter fourteen, with HTTP (HyperText Transfer Protocol) and the
      World Wide Web covered in fifteen. Firewalls are given separate space
      in chapter sixteen.

      Ross has provided a useful reference for those who have not studied,
      and cannot devote much time to, security. As he keeps repeating, this
      is not going to secure systems fully, but it is a reasonable guide to
      incrementally increasing the security of what you have.

      copyright Robert M. Slade, 1999 BKUNSSTL.RVW 991002

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      To gild refined gold, to paint the lily,
      To throw a perfume on the violet,
      To smooth the ice, or add another hue
      Unto the rainbow, or with taper-light
      To seek the beauteous eye of heaven to garnish,
      Is wasteful and ridiculous excess.
      `King John,' Act IV, scene ii, William Shakespeare
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.