UNIX System Security David A. Curry Addison-Wesley Professional Computing Series, 1992, 279 pp. $32.25 ISBN 0-201-56327-4 UNIX Installation, Security, and Integrity David Ferbrache and Gavin Shearer Prentice-Hall, 1993, 305 pp. $34.00 ISBN 0-13-015389-3
In the early days of computing, security in computer systems was not the primary concern of administrators, since computers were generally setup as centralized systems with terminals located in controlled areas, and networks were not yet commonplace. (Incoming modem lines on the public telephone network were the major security headache of system administrators.) Until the mid-80s, in fact, enterprising students who punched holes in security often ended up working for those very groups and firms they'd penetrated. (Kevin Poulsen, awaiting Federal charges for illegal computer access, was hired by SRI after a rash of system break-ins.) Still, security holes remained a bemused topic of conversation, and were not considered serious except by a few predictors of doom.
Security is like insurance--it's a nuisance to pay for, until a disaster occurs. This lesson was illustrated during the "Morris worm" incident which caused the immediate contamination of hundreds of thousands of systems and the resultant shutdown of the NSF Internet. In the aftermath, security awareness was raised to an all-time high from which it has gradually eroded as everyone loses interest until the next crisis. Such is the boom-and-bust cycle of computer security.
What was different about the Morris work was that the intruding program took advantage of networking and operating systems standardization to allow automatic propagation of itself onto freshly compromised systems. This meant that, like Von Neumann exponentiating machines, the Morris worm could rapidly scale its ability by the cascade effect of dedicating an exponential number of hosts to the effort. In addition, because the program added to its information store of "ways to break the system," the worm had greater "growth" potential than an ordinary computer virus because it could, again, leverage the network to pass back information and "learn" better how to break into more systems.
In sum, the Morris worm neatly demonstrated the vulnerability of computer networks, and made network-wide system security mandatory instead of an abstract research topic. To aggravate things, the rise of high-powered low-cost systems attached to the network have made security a part of systems design, planning, and administration long before it became a "popular" topic of conversation. With the number of Internet hosts now approaching 1 million and growing, security merits primary consideration before placing any system on the global network.
When it comes down to it, security is the mundane part of computer administration. You put the software equivalent of a padlock on resources, files, and accounts, rotate the assignment of keys to users of these items, and track when attempts to unlock them are made. When initiating security procedures, however, an understanding of the users and environment is crucial to creating a secure, yet acceptable, work environment. A book which covers security should be comprehensive in all aspects of security; otherwise, you don't have a secure system. Security, whether a house or a file server, is as strong as the weakest link.
UNIX System Security is geared towards the system administrator and is engaging in its "tales" of security woes. The book is also categorized in much the same way that a systems administrator would no doubt view security: account security, filesystem (or, more properly, "data") security, and network security in general, followed by specific types of systems (securing workstations, for example), policies, and references. While it meanders somewhat through its intermingling of security procedures and needs, its hands-on cookbook approach should be of great use to any goal-oriented site administrator who prefers the historical approach to security--the "finger in the dike" view.
At the same time, this choice of organization is a flaw in UNIX System Security. The book does not go into as much depth as necessary, allowing a bit of cookbook knowledge to delude you into thinking you know everything. There's no overview of what security actually is (you have to go to the National Computer Security Center's famed Orange Book to find out). Security is a broad term that means different things to different groups, so defining what kind of security mechanism and its resulting effect is important. For example, there's no comparison between account security (most common and simple to implement) verses data security (much harder) or network (a combination of data and account security and the actual physical arrangement of the network itself, and an area which is also given short shrift in books on network architecture and management).
But more importantly for a book geared to site administrators, there's little perspective offered on the differing needs of various sites--a government site versus one in the private sector, for instance--but instead, it seems to be biased towards educational-site experiences. For example, government time and energy is often oriented towards "air gap" security to avoid penetration or subversion of the system. The private sector, on the other hand, tends to view those "within" the system (such as employees) as possible security problems--hence the focus on auditing, logs, and transaction files. Neither of these considerations is directly discussed, primarily because an educational site prefers a more open and free exchange of ideas and viewpoints (and also, because they don't usually have money to throw at procedures and personnel). The short shrift given to auditing, in particular, is an oversight for any private-sector site administrator. This is especially the case as modern computer systems with integral security auditing on per-file and per-process level become available.
Policies with respect to software, passwords, and so forth are also discussed in UNIX System Security, but these policies have an educational-site bias, and system administrators should refer to their site guidelines before implementing any of these suggestions. (If your site doesn't have guidelines, it's time to establish them.) Legal issues regarding site policies and policing and software licenses and copyrights are also volatile and undefined at this time, and the legal examples should be read with a grain of salt. Yet, for naive institutions that never considered such policies necessary, it does bring them back into the "real" world.
For a more traditional overview of UNIX security, UNIX Installation, Security, and Integrity is welcome. Written in a concise and direct form, this book fills out the topic and is careful in discussing security categories. After breaking down the main-system security into appropriate categories (filesystem security, account security, and process security on the local system), it discusses cryptography and network security. It also deals with security monitoring and auditing procedures. Thus, the last word in its title actually has meaning.
One item I appreciated was the careful differentiation between trusted and regular systems. The authors went so far as to include a mention of hardware security support, an oft-forgotten area which should be covered in every security book.
The reference section of both books contain useful papers and books, including the Orange Book and some of Robert Morris's papers on security (which may have influenced his son's "worm" work) and brief discussions of secure software (such as Kerberos). In concentrating on recent works, however, some of the classic works were ignored, including studies on the KSOS System (Ford Aerospace) which are worth mentioning for their scope and depth.
UNIX System Security should become popular among site administrators struggling to get a handle on security needs--especially since most vendor-specific manuals don't cover those well-known security "holes" which can cause grief. For a more thorough and concise view of security, administrators should also obtain UNIX Installation, Security, and Integrity. But for a real understanding of security in the 1990s, check the references and attend the security conferences. That's where the action is.
Copyright © 1993, Dr. Dobb's Journal