Practical Unix & Internet Security, 3rd Edition (Paperback)

~ Simson Garfinkel (Author), Gene Spafford PH.D. (Author), Alan Schwartz PH.D. (Author)

Editorial Reviews

Amazon.com Review

The world's most business-critical transactions run on Unix machines, which means the machines running those transactions attract evildoers. Furthermore, a lot of those machines have Internet connections, which means it's always possible that some nefarious remote user will find a way in. The third edition of Practical Unix & Internet Security contains--to an even greater extent than its favorably reputed ancestors--an enormous amount of accumulated wisdom about how to protect Internet-connected Unix machines from intrusion and other forms of attack. This book is fat with practical advice on specific defensive measures (to defeat known attacks) and generally wise policies (to head off as-yet-undiscovered ones).

The authors' approach to Unix security is holistic and clever; they devote as much space to security philosophy as to advice about closing TCP ports and disabling unnecessary services. They also recognize that lots of Unix machines are development platforms, and make many recommendations to consider as you design software. It's rare that you read a page in this carefully compiled book that does not impart some obscure nugget of knowledge, or remind you to implement some important policy. Plus, the authors have a style that reminds their readers that computing is supposed to be about intellectual exercise and fun, an attitude that's absent from too much of the information technology industry lately. Read this book if you use any flavor of Unix in any mission-critical situation. --David Wall

Topics covered: Security risks (and ways to limit them) under Linux, Solaris, Mac OS X, and FreeBSD. Coverage ranges from responsible system administration (including selection of usernames and logins) to intrusion detection, break-in forensics, and log analysis.

Review

"It's almost impossible to criticize such a venerable work as this, and there can be little doubt that backed up by online resources, this will form a solid foundation and reference work for years to come." - Martin Howse, LinuxUser & Developer, Issue 30 "If you know nothing about Linux security, and only have time for one book, you should start with Practical Unix and Internet Security." - Charlie Stross, Linux Format, September

See all Editorial Reviews

Product Details

• Paperback: 984 pages
• Publisher: O'Reilly Media; 3 edition (February 21, 2003)
• Language: English
• ISBN-10: 0596003234
• ISBN-13: 978-0596003234
• Product Dimensions: 9.1 x 7 x 2 inches
• Shipping Weight: 3 pounds (View shipping rates and policies)
• Average Customer Review: 4.3 out of 5 stars  See all reviews (35 customer reviews)
• Amazon.com Sales Rank: #526,612 in Books (See Bestsellers in Books)

  Popular in these categories: (What's this?)

  #7 in	Books > Computers & Internet > Security & Encryption > Unix Security
  #16 in	Books > Computers & Internet > Operating Systems > Unix > Administration
  #19 in	Books > Computers & Internet > Networking > Networks, Protocols & APIs > LDAP

Customer Reviews

Most Helpful Customer Reviews

24 of 25 people found the following review helpful:

4.0 out of 5 stars Recommended with reservations for students & hobbyists only, April 25, 1998

By	Nikolai N Bezroukov "kievite" (Budd Lake, NJ) - See all my reviews

This review is from: Practical Unix and Internet Security, 2nd Edition (Paperback)

Somewhat outdated -- two years old in a very dynamic field, Rootkit is not even mentioned, Bugtraq mentioned only in supplement, etc. Far from being practical and can be used only as an introductory text in Unix security. Not recommended for Internet security (superficial and incomplete). Good style --  Simson Garfinkel of The UNIX-Haters Handbook fame  is a really talented journalist (but now only a journalist, see his interview with Amazon.com).  The main problem with the book is that instead of relying on tools as any Unix author should, the authors use a cookbook/reference approach giving recipes about improving security. References to important RFCs, FAQ and CERT advisories are absent. For example RFC1244 (now superseded by RTC2196) is not mentioned in index(and probably in the text as well) although Ch.2 and Ch.24 mirror its content. No attempts were made to explain what tools can be used for checking/fixing particular class of problems or to present a bigger picture in which the flaw exists. Typesetting is very primitive. Although one of the authors is a (former) programmer judging by just the book content it is difficult to believe that he is able to spell PERL :-). The book is not updated enough to compete with newer books on Internet Security. For corporate users possible alternatives are combinations of one book on Unix security (for example, Unix System Security by David A. Curry) and one book on Internet security (for example Actually Useful Internet Security Techniques by Larry J. Hughes). The last is recommended as an alternative for readers who cannot afford two books. Often books written by a specialist in particular areas can be a better deal than books from security folks. For example TCP/IP Network Administration by Craig Hunt contains a lot more information about how properly configure TCP/IP than this book and in Ch.12 has a very decent overview of security in just 40 pages.

13 of 13 people found the following review helpful:

3.0 out of 5 stars Best for beginners, August 1, 2003

By	G. Hoeppner (Lansing, MI) - See all my reviews (REAL NAME)

As a Linux administrator, I ordered this book hoping to find out how hackers typically gain access to systems and neat little tricks for locking down my system, as well as detecting and dealing with intruders. While Practical Unix & Internet Security did cover these topics, it covered little I didn't already know.

Significant time is spent explaining how unix-based systems work. The book covers things such as file systems, partition structure, file ownership/permissions, users and groups, inodes, ssh, backups, etc. Each command, utility, procedure or feature is detailed over several pages followed by an explanation of what you should be doing with said topic.

There are also a few real-world examples here and there; stories most of us have heard before, like the admin who had . in his path.

Unlike many computer books, this one is well written and an easy read, and it's certainly a lot more friendly than some unix geek's advice which consists of RTFM.

I think this book would be great for someone who has a very basic understanding of unix-based systems but has never administrated one before, but for those of us who've already had some experience running unix there's probably not anything new here for you.

14 of 15 people found the following review helpful:

5.0 out of 5 stars Little Giant. . . Vade Mecum, March 1, 2003

By	Marco De Vivo "mata-hackers" (Miami, Florida United States) - See all my reviews (REAL NAME)

The second edition of this book was my security vade mecum for the last 8 years. For what I can foresee, this third edition, will play the same role for (at least) the next three years.

When you are required as an security expert, several tasks are usually to be faced:

New scenarios to analyze?, checklists to recommend?, good firewall architectures to suggest?, logs to watch? (and so on). Don't worry, with the only help of this Garfinkel, Spafford and Schwartz 'little giant' book, you are done.

Excellent book. A Must for security people.