HP-UX 11i Security

Chris Wong

  • Publisher: Prentice Hall
  • Publication date: 2001-10-04
  • List price: $1,400
  • Sale price: 1.4$199
  • Language: English
  • Pages: 480
  • Binding: Paperback
  • ISBN: 0130330620
  • ISBN-13: 9780130330628
  • Related category: Information Security




The total HP-UX 11i security reference and implementation guide

  • Thorough coverage of HP-UX 11i's powerful new host security features
  • Monitoring system access, activity, and change
  • 10 ways to gain root access: what every system administrator needs to know
  • Implementing Kerberos, PAM, IPSec, SCM, SCR, and IDS/9000

No other book offers this much HP-UX-specific security coverage! In this authoritative, comprehensive administrator's guide, leading HP-UX consultant Chris Wong covers every key aspect of HP-UX host security. Wong introduces "hot-off-the-press" HP-UX 11i capabilities and techniques for keeping mission-critical systems safe, even when firewalls fail and backdoors are discovered. Coverage includes:

  • Understanding and addressing your key vulnerabilities
  • 10 ways to gain root access, and what to do about them
  • Managing users, groups, files, and directories from a security perspective
  • Controlling access to the system and securing key services
  • Safely distributing root privileges
  • Using HP-UX software to enhance system security: SCM, SCR, Restricted SAM, IDS/9000, and the Security Patch Check Tool
  • Security techniques for the multi-host environment: Berkeley programs, SSH, NIS, NIS+, LDAP, Kerberos, PAM, and IPSec/9000
  • Tools and techniques for monitoring system activity and change
  • Using public-domain programs: SARA, Tripwire, sudo, and logrotate

HP-UX 11i Security is the essential security resource for every HP-UX system administrator, from novice to advanced level—and for every consultant, manager, security specialist, and e-business professional responsible for protecting HP-UX applications and data.

Table of Contents

1. Ready or Not, Here I Come!

Attacks. What Is Needed to Compromise a System? Ten Ways To Become root. What Can Happen When the System Is Compromised? Protection. A Letter to the CIO. Policies.

2. Passwords, Users, and Groups.

The password File. The Group File. Tools. Security Risk of the /etc/passwd File. Trusted System. Trusted Systems and Tools. Password Policies. What Makes a Good Password? Passwords and Multiple Hosts. User Management. Group Maintenance. Writing Scripts. The /etc/default/security File.

3. Disks, File Systems, and Permissions.

Disks. Logical Volume Manager. VERITAS Volume Manager. File Systems. The mount Command. File Permissions. Access Control Lists. The chatr Command and the Executable Stack. Quotas. The NAS and SAN.

4. System Access.

The Internet Daemon. Modems. The /etc/dialups and /etc/d_passwd Files. Secure Web Console. Physical Access and Boot Authentication. Guardian Service Processor. Restrictions for Users.

5. Multi-Host Environments.

The “r” Commands. SSH. NIS. NIS+. LDAP. DNS and BIND. DHCP. NFS. CIFS/9000.

6. Distributing root Privileges.

SUID/SGID Scripts and Programs. Restricted SAM. Sudo. ServiceControl Manager. OpenView. Comparison of Tools.

7. ServiceControl Manager.

Installation of the Central Management Server. Adding Nodes to the SCM Cluster. ServiceControl Manager Graphical User Interface. Adding Users. Role Assignments. Tools. Argument Limitations. Web Interface. SCM Log Files. SCM and Security. Why Use SCM?

8. Internet Daemon Services.

The Internet Daemon Startup. /etc/inetd.conf File. /etc/services File. /etc/protocols File. /var/adm/inetd.sec File. Understanding Socket Connections. Tcpwrappers. Telnet. File Transfer Protocol. Anonymous FTP. Trivial FTP. Finger. Other Internet Services. Running Other Services from inetd.

9. Kerberos.

What is Kerberos Doing? Installing Kerberos. Configuring Kerberos. Kerberos Utilities. Kerberos and HP-UX 10.20. Kerberos and rlogin. Kerberos and the -P Option. More about PAM.

10. IPSec/9000.

IPSec Configuration. What Is Happening? IPSec Tunnel Mode. Using IPSec/9000 as a Firewall. IP Number and Mask. Managing Keys on IPSec/9000.

11. Monitoring System Activity.

syslog Daemon. The syslog File. The btmp File. The wtmp File. The /etc/utmp File. The sulog File. The rc.log File. Shell History. Open Source Log Tools and Utilities. Log Rotation. Auditing. Accounting. Utilizing Performance Data. Monitoring System Resources. Managing System Resources.

12. Monitoring System Changes.

System Configuration Repository. Tripwire.

13. NetAction.

HP VirtualVault. Extranet VPN. HP Speedcard. HP PKI. Intrusion Detection System/9000.

14. Building a Bastion Host by Kevin Steves.

What Is a Bastion Host? Methodology. Sample Blueprint.

15. Checklist, Security Patches, and Miscellaneous Topics.

The Checklist. The HP-UX Security Patch Check Tool. The HP-UX Security Book Web Site. Continuing Your Knowledge. Mail. Protecting Your System Against “Ten Ways to Become root”. The Bastille Hardening System. IPFilter/9000.


