From: "Rob Slade, doting grandpa of Ryan and Trevor" 
To: p1@canada.com
Date: Thu, 20 Jan 2000 22:29:33 -0800
Subject: REVIEW: "UNIX System Security Tools", Seth Ross

BKUNSSTL.RVW   991002

"UNIX System Security Tools", Seth Ross, 2000, 0-07-913788-1, U$39.99
%A   Seth Ross seth@albion.com
%C   300 Water Street, Whitby, Ontario   L1N 9B6
%D   2000
%G   0-07-913788-1
%I   McGraw-Hill Ryerson/Osborne
%O   U$39.99 905-430-5000 800-565-5758 fax: 905-430-5020
%P   444 p. + CD-ROM
%T   "UNIX System Security Tools"

I must admit, I got a bit apprehensive when the preface stated that
the author had evaluated "over three dozen" security tools, chose a
half dozen to cover in depth, and did not intend to be a UNIX security
primer.  Any UNIX sysadmin with a basic knowledge of security could
probably name off a few dozen security tools, many shipped with the
operating system itself.

I need not have worried overmuch.

Chapter one has a brief history of UNIX, and then attempts a
definition of security that vacillates between broad and narrow, is
long on quotations from names in the field, and fails to provide a
single, working direction.  The outline of security planning given in
chapter two is quite good, although it has some gaps and weak areas,
such as the very terse coverage of security policies.  An informative
review of account and password security is presented in chapter three. 
Means of, and tools for, extending account security are described in
chapter four, and the venerable Crack program is given more space in
chapter five.  Chapter six looks in some depth at the filesystem, but
also does a very quick once-over of cryptography and backups.
Tripwire, which detects file changes, is covered in chapter seven. 
Logging and auditing is explained in chapter eight and the Swatch
logging management program is reviewed in nine.

Chapter ten moves from particular areas into the field of overall
security and security checking.  The COPS and Tiger vulnerability
checking programs are discussed in chapters eleven and twelve.

Chapter thirteen gives some background on TCP/IP networking and UNIX
network functions.  A number of Internet applications are described in
chapter fourteen, with HTTP (HyperText Transfer Protocol) and the
World Wide Web covered in fifteen.  Firewalls are given separate space
in chapter sixteen.

Ross has provided a useful reference for those who have not studied,
and cannot devote much time to, security.  As he keeps repeating, this
is not going to secure systems fully, but it is a reasonable guide to
incrementally increasing the security of what you have.

copyright Robert M. Slade, 1999   BKUNSSTL.RVW   991002

======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca  rslade@sprint.ca  slade@victoria.tc.ca p1@canada.com
To gild refined gold, to paint the lily,
To throw a perfume on the violet,
To smooth the ice, or add another hue
Unto the rainbow, or with taper-light
To seek the beauteous eye of heaven to garnish,
Is wasteful and ridiculous excess.
                  `King John,' Act IV, scene ii, William Shakespeare
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade