RFC1244 - Page 87

• Title: Site Security Handbook
• Author: J.P. Holbrook, J.K. Reynolds
• Date: July 1, 1991

Page Navigation:

1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  18  19  20  21  22  23  24  25  26  27  28  29  30  31  32  33  34  35  36  37  38  39  40  41  42  43  44  45  46  47  48  49  50  51  52  53  54  55  56  57  58  59  60  61  62  63  64  65  66  67  68  69  70  71  72  73  74  75  76  77  78  79  80  81  82  83  84  85  86  87  88  89  90  91  92  93  94  95  96  97  98  99  100  101 

Printable Version: RFC1244.PDF

RFC 1244                 Site Security Handbook                July 1991


   [CURRY]
           Curry, D., "Improving the Security of Your UNIX System",
           SRI International Report ITSTD-721-FR-90-21, April 1990.

           This paper describes measures that you, as a system
           administrator can take to make your UNIX system(s) more
           secure.  Oriented primarily at SunOS 4.x, most of the
           information covered applies equally well to any Berkeley
           UNIX system with or without NFS and/or Yellow Pages (NIS).
           Some of the information can also be applied to System V,
           although this is not a primary focus of the paper.  A very
           useful reference, this is also available on the Internet in
           various locations, including the directory
           cert.sei.cmu.edu:/pub/info.

   [FITES]
           Fites, M., Kratz, P. and A. Brebner, "Control and
           Security of Computer Information Systems", Computer Science
           Press, 1989.

           This book serves as a good guide to the issues encountered
           in forming computer security policies and procedures.  The
           book is designed as a textbook for an introductory course
           in information systems security.

           The book is divided into five sections: Risk Management (I),
           Safeguards: security and control measures, organizational
           and administrative (II), Safeguards: Security and Control
           Measures, Technical (III), Legal Environment and
           Professionalism (IV), and CICA Computer Control Guidelines
           (V).

           The book is particularly notable for its straight-forward
           approach to security, emphasizing that common sense is the
           first consideration in designing a security program.  The
           authors note that there is a tendency to look to more
           technical solutions to security problems while overlooking
           organizational controls which are often cheaper and much
           more effective.  298 pages, including references and index.

   [GARFINKEL]
           Garfinkel, S, and E. Spafford, "Practical Unix Security",
           O'Reilly & Associates, ISBN 0-937175-72-2, May 1991.

           Approx 450 pages, $29.95.  Orders: 1-800-338-6887
           (US & Canada), 1-707-829-0515 (Europe), email: nuts@ora.com

           This is one of the most useful books available on Unix



Site Security Policy Handbook Working Group                    [Page 87]