BKPRUISC.RVW 960619

"Practical UNIX and Internet Security", Simson Garfinkel/Gene Spafford, 1996, 1-56592-148-8, U$39.95/C$56.95
%A Simson Garfinkel simsong@next.cambridge.ma.us
%A Gene Spafford spaf@cs.purdue.edu
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%D 1996
%G 1-56592-148-8
%I O'Reilly & Associates, Inc.
%O U$39.95/C$56.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%O http://www.amazon.com/exec/obidos/ASIN/1565921488/robsladesinterne
%P 1004
%T "Practical UNIX and Internet Security"

The title is certainly apt. This book is definitely practical, and if your job involves system security, at whatever level, this book belongs on your desk. The expansion of the title is no mere attempt to gain market share: this edition is twice the size of the old one.

The book is well planned and comprehensive. While the emphasis and examples are from the UNIX operating system and Internet protocols, background information is given on related (and important) topics such as modems and physical security. The writing and examples are clear and understandable, and should present no problems to the intelligent novice, but the additional material ensures that there is value here even for the UNIX guru.

The six "parts" of the work (plus a set of appendices) present logical divisions of the topic. "Computer Security Basics" begins with an introductory chapter defining computer security, an operating system and UNIX. It continues with a discussion of policy and guideline considerations.

Part two deals with the responsibility of the user. The chapters deal with the defence of accounts and the protection of data through users and passwords; user accounts, "groups" and the "superuser"; and details of the UNIX file system.

Part three looks at the system side of security, with attention to backups, integrity, auditing, malicious software, and physical and personnel security.

Part four covers communications aspects. This is highly important considering the strengths of UNIX in communications, the use of UNIX machines as bridges between other proprietary systems, and the participation of UNIX systems in the Internet. Chapters are devoted to modems, UUCP, TCP/IP, and Kerberos.

Part five could be seen as an extension, dealing with advanced network security topics such as firewalls.

The sixth section begins to move away from strictly technical aspects, and starts to deal with your response to "security incidents". This may seem, to some, either irrelevant or defeatist. However, it points out an important attitude to have with respect to security: assume that, at some point, you are going to fail--and be prepared. The chapters here are no less practical than the foregoing, detailing the discovery of break-ins, denial of service attacks, and the (U.S.) legal aspects of security. (I appreciate the authors' forthrightness at this point: the chapter is entitled "Computer Security and U.S. Law", and doesn't assume one legal system fits all.)

An updating and expansion of a comprehensive and dependable classic in the security field.

copyright Robert M. Slade, 1993, 1996