Books: A User's Report
This has been an exciting two months in the UNIX book
world. The new
Rainbow manuals for both the Intel and Motorola processors
released, although not all of them have been published
yet. The manuals
are also on the shelves for System V Release 4.2. New
books have been
published on device drivers for SCO UNIX (Writing Device
for SCO UNIX by Peter Kettle and Steve Statler) and
also for the
casual UNIX user. Choosing books to review was not easy,
but I finally
decided to read two books on UNIX security, an exceptional
UNIX tools, and Stallings' new networking book.
UNIX Installation Security & Integrity
by David Ferbrache and Gavin Shearer
This book primarily addresses the system administrator
programmer. Its audience also includes anyone whose
deal with system security. Ferbrache and Shearer first
provide a short
history of UNIX, describing the different UNIX systems
and when they
were developed, then turn to file system security. They
a definition of inodes, which they supplement with a
diagram of the
UNIX file system, a diagram demonstrating inode allocation,
table listing inode fields. The authors reuse the inode
in the chapter to help the reader visualize multiple
unlinked files, unlinked blocks, corrupt directory structures,
other inode concepts. In this chapter, Ferbrache and
discuss directory and file permissions and respective
The second major subject of the book, integrity, is
defined as "preventing
the corruption or modification of data or programs"
UNIX, this is expanded to include redundancy, synchronization,
tracking. The authors examine different ways to back
up data, how
to construct a file system using mount, and consistency
Account-level security, including login procedures and
file, is the first security implementation the authors
security is violated at this level, they note, the system
or security manager should be able to identify the perpetrator.
presented in this chapter is a consideration of different
algorithms and data encryption techniques to protect
The authors then logically progress to a discussion
of process security
and examine how the process privileges are controlled.
to the fork and exec system calls, Ferbrache and Shearer
explain the signal, trace, and setuid mechanisms.
They provide a comprehensive discussion of viruses and
then dissect the initialization of two different UNIX
identify the security problems that may be encountered
the system files.
Later chapters deal with network security, including
of protocols, monitoring security, programming for secure
trusted systems, hardware security support, and standardization.
book ends with a set of fourteen appendices, ranging
in subject from
the Internet Worm to a glossary to several security
packages and including
references and suggested reading.
UNIX Installation Security & Integrity is an excellent
to the texts available for system administrators. The
only explain commands, but also describe how the commands
They identify possible loopholes and outline different
remedying problems before they occur. Though each section
presenting a simple concept and its purposes, each topic
is then covered
Overall, this book will provide useful information to
in computer security.
A Practical Tutorial
by N. Derek Arnold ITDC
Derek Arnold's book presents a straightforward approach
aspects of UNIX system security. Each chapter consists
of an introduction,
objectives, the body of the chapter, plus review questions.
chapter covers a range of topics -- from the history
of UNIX through
its present versions, including a discussion of the
the Trusted Computer
Base (TCB), to definitions of security and how to activate
as well as proceed through the shutdown procedure. Arnold
familiar way to differentiate the potential transgressors
from its protectors: the latter are the "good guys,"
the "bad guys."
Arnold's central thesis is that "a System Administrator
that knowledge is a more powerful tool than anything
else the bad
guys might possess" (page 11). The goal of the
book is to provide
that knowledge for the system administrator. To that
end, Arnold examines
how audit programs can help keep a system secure. He
/etc/passwd file and its entries, analyzing each field
security risks involved, then offers solutions for the
in the /etc/passwd file.
Special devices are a special problem -- they can be
used to bypass
standard UNIX security. Proper permissions are needed
to use anything
in the /dev directory, but some special devices are
owned and located outside /dev. Arnold describes the
these can cause for system security and presents possible
A rather unique chapter, "Break-In Techniques,"
methods of the bad guys. Arnold postulates that in order
to find a
bad guy, you have to know how he operates. By thinking
like a bad
guy, the system administrator can detect where the system
may be vulnerable.
A chapter entitled "Viral Infection" defines
a virus and explains
how a virus attacks the operating system. The author
that could indicate viral infection and includes ways
to prevent a
virus from infecting your system.
Another special problem has to do with repairing a program
you don't have the source code. If left to its own devices,
code could threaten the security of the entire system.
maintenance procedures for patching object code through
a string patch, the absolute debugger (adb), and the
Other topics include modem security, database security,
UUCP network security, and an overview of Local Area
This book succeeds very well as a practical approach
a UNIX system. Step by step, the author analyzes the
points out its vulnerabilities, and suggests ways to
by the bad guys. Two chapters I found particularly helpful
A, a list of reference programs with instructions on
how to compile
them, and chapter B, the source code for the reference
no system administrator should be without the information
in the chapter
"Break-In Techniques." One criticism: the
for the table of contents, should have been easier to
that does not affect the quality of the book, which
nor Arnold's writing style, which is clear and easy
UNIX Power Tools
by Jerry Peek, Tim O'Reilly, Mike Loukides,
and other contributors
O'Reilly & Associates/Bantam
UNIX has, historically, been a difficult system to master,
because most of the tips and tricks that make the system
been available only through the Internet. As a result,
have often had to learn the hard way, with little help
from easily found resources. UNIX Power Tools puts an
the mystery: the experienced UNIX programmer is likely
to look at
this book and wonder where it has been and why it took
UNIX Power Tools was not designed to be read from cover
cover beginning with page one; instead, it is organized
so that it
can be referenced easily. The topics are detailed, brief,
exactly what was promised. Where a subject intertwines
concepts, the separate discussions are cross-referenced,
name shown in blue italics and followed by the section
where it is
more thoroughly explained, such as "expr[47.20]."
At the beginning of the book, following a well-organized
contents, are two pages of instructions for using UNIX
The book also contains a glossary and a detailed index.
of possible problems along the way, and also identify
what is on the
Many of the topics included here are not often seen
in print. For
example, on page 1,000, section 52.08 recounts how to
read a permuted
index, complete with a small sample. Facing this information
entry entitled "Make Your Own Man Pages without
Each selection is followed by its author's initials.
The shrink-wrapped CD-ROM that accompanies the book
tools as Perl, GNU Emacs, and every shell, perl, awk,
and sed script referenced in the book, and a section
book documents every tool included and its purpose.
The book also
describes how to install the CD-ROM and what to do if
you have a problem.
In addition to the precompiled versions for the most
platforms, C source code is included for unsupported
those UNIX users without a CD-ROM, Ready-To-Run Software
provided an order form so that you can obtain the software
media, including floppies, QIC, 8mm, 4mm, or DEC TK50
The real challenge confronting the user of this book
is to put it
down. I tried several times to open it at random and
read only one
article. However, either the previous or the following
entice me to peruse more than I had planned. The writing
crisp, clear, and easy to understand. Considering the
number of contributors,
I was surprised at the uniformity of style and quality
the book: it read as if there had only been one author.
Tools has implemented a new type of UNIX text and explains
things in print for the first time. It is an exceptional
one that every UNIX user, programmer, and system administrator
own and use often.
A Guide to OSI, ISDN, LAN and MAN Standards
by William Stallings
Addison-Wesley Publishing Company, Inc.
In this latest addition to the networking selections,
examines the definition of a standard. He analyzes the
of standards, the varied types of standards, and different
organizations. The rest of the book addresses five major
in five sections: the "Open Systems Interconnection"
the "Integrated Services Digital Network"
and Metropolitan Area Networks" (LANS and MANS),
Management and Security," and "OSI Implementation."
section is prefaced by a summary of its contents and
a brief overview
of what each chapter within the division contains. Each
with a brief summary.
Stallings describes several concepts that are already
but are not very well documented. For example, in the
chapter on internetworking,
he covers routing from two different perspectives, end-to-intermediate
system routing and intermediate-to-intermediate system
the ISDN division, he gives a good explanation of frame
also presents a chapter on the fiber distributed data
and discusses both FDDI-I, the original specification,
FDDI-I uses a packet mode data transfer service, while
both a packet mode and isochronous data transfer.
The order of this book is logical and the diagrams are
clear. The insides of both covers and their facing pages
useful list of acronyms. Stallings attempts to present
in a well-defined, forthright manner and he succeeds.
The result is
a text carefully constructed for readability and suitable
for a wide
audience, ranging from students and designers to customers
Anyone interested in networking and, in particular,
OSI, ISDN, LAN,
and MAN, will find this book to be a worthwhile addition
About the Author
Elizabeth Zinkann has been involved in the UNIX and
C environments for the past
10 years. She is currently a UNIX and C consultant,
and one of her specialities
is UNIX education. In addition to her computer science
background, she also has a
degree in English.