Secure Unix

Samuel Samalin

Publisher: McGraw-Hill, 1997, 201 pages

ISBN: 0-07-054554-5

Keywords: IT Security, System Administration

Last modified: May 13, 2021, 9:54 p.m.

Implement and maintain a certified Secure UNIX system.

In an increasingly dangerous era, ensuring the security and confidentiality of an organization's computer systems has never been more important. Now, for secure systems administrators, this book provides a comprehensive technical manual on implementing versions of UNIX that have U.S. Department of Defense (DOD) "Orange Book" B-level computer security. Users will find in Secure UNIX a how-to guide covering secure systems concepts and their application. For managers, Samalin provides a solid, accessible primer perfect for use in training programs.

As Secure UNIX systems become more pervasive, those who can quickly comply with the standard will have an edge. Here, you'll get details on how to use Secure UNIX computers to protect your organization's information systems. Experienced UNIX consultant Samuel Samalin — who helped develop Secure UNIX systems at industry stalwarts AT&T and IBM — expertly covers such wide-ranging topics as:

  • Secure networking
  • Why secure systems are necessary
  • How secure systems work
  • Security policy guidelines
  • How to maintain the secure organization
  • Advanced security architecture using Secure UNIX
  • And much more

Samalin provides insightful and valuable quick-reference guidelines for secure systems administrators.

The most comprehensive manual on implementing Secure UNIX systems.

  1. Goals, Threats, and Policies
    • Goals
      • Confidentiality
      • Integrity
      • Availability
    • Threats to the Goals
      • Confidentiality
      • Integrity
      • Availability
    • Policies
      • Precise access policy
      • Confirmed authorization policy
      • Confirmed integrity policy
      • Precise usage policy
    • Summary
  2. System Access Control
    • Identification and Authentication
    • Passwords
      • Good password-creation strategies
      • Changing a password
      • Other authentication techniques
    • User Accounts
    • System-entry Requirements
  3. Discretionary Access Control
    • ACL Formats and Interface
    • Basic UNIX Access Control
  4. Mandatory Access Control
    • The Advantage of Mandatory Access Control
    • Introduction to Labels
    • The Label Laws
    • MAC and Security Architecture
    • Labeling and TIB
    • Label interface
    • Information Ordering and Flow
    • Label Categories
    • Labeling and Information Access
    • Multilevel Labeling
    • System File Labels
    • High-labeled Information
    • Middle-labeled Information
    • Low-labeled Information
    • Label Lists and Information Flow
    • Covert Channels
    • Information Labels
  5. Privileges
    • Roles
    • Privilege Classes
      • Administrative privileges
      • Security privileges
      • User privileges
      • Application privileges
      • Override privileges
      • Other privileges
    • Privilege Classes
      • Override privileges
      • Audit privileges
      • Administrator privileges
      • System accounting privilege
      • System attribute privileges
      • Debug privilege
      • Limit privilege
      • mknod privilege
      • Backup and mount privileges
    • Privilege Mechanism
      • Process privileges
      • File privileges
      • Some observations
    • Summary
  6. Audit
    • Audit Objectives
    • Audit Programming
      • Using the programming methods
      • When programming by user is advantageous
      • The need for auditing file objects by label
      • Making the judgment calls
    • Audit Events
      • Administrative event class
      • Audit event class
    • Security Sensitivity of Events
    • Filer Attribute Events
    • Process Events
    • Authentication Events
    • Audit Alarms
    • Alarms
    • Critical Alarms
      • Types of alarms
  7. Secure Applications
    • Secure Networking
      • Networked digital authentication
      • Private key versus public key encryption
      • Kerberos
      • Public key cryptography
    • Security-enhanced Protocols
      • Privacy enhanced mail
      • MAXSIX
      • NFS, Rlogin, and NIS using MAXSIX
      • Secure Socket Layer
      • IPv6
      • Secure HTTP
      • OSI
      • Distributed TIBs
      • Inside the security perimeter
      • Untrusted connections in to the security perimeter
      • Connecting to other TIBs
    • Level Network Initialization
    • Certification of Networking Products
    • Databases
    • X Window
      • X Basics
      • Secure X
      • Trusted path from Secure X
      • Secure X Window
      • Windows and covert channels
      • Labeled X Objects
      • X, authentication, and access control
      • Information labels
  8. Administrative Security
    • Consistency Checking
    • Consistency-checking functions
    • File-attribute Checking
    • Attribute Checking of CRC
    • Internal Consistency Checking
    • User File Consistency Check
    • Idle-session Checking
    • System-process Consistency Checking
    • Integrity
    • Integrity Checking
    • Integrity Life-cycle
    • Integrity Interface
    • TIB Integrity
  9. TIBs in 2001
    • Trusted Information Base
    • Policies
      • Policy guidelines
      • Policy statements
    • Pre-Secure Problems and TIB Solutions
      • Excessive privilege of root
      • Lack of accountability
      • Lack of trust-based access firewalling
      • Trust and distributed firewalls in TIB
      • Excessive access
      • Lack of organizational control over its confidential information
      • Confidentiality in a TIB
      • Lack of integrity
      • Integrity in a TIB
      • Spoofing
      • Lack of precise usage
      • Lack of object reuse
      • Feelings of vulnerability
    • The Secure UNIX Organization

Reviews

Secure Unix

Reviewed by Roland Buresund

OK ***** (5 out of 10)

Last modified: May 21, 2007, 3:23 a.m.

This is in reality about MLS UNIX, not "standard" UNIX.
