November 2002. Byte.com, USA. DNS on the Hot Seat. Distributed DOS attacks on the Internet's root servers can grind Web traffic to a halt. Is it time to find a replacement for DNS? Feature article.
October 2002. Grace Hopper Conference 2002, Vancouver, BC. From 386BSD to OSPREY: The Evolution of an Operating System. While 386BSD is famous for pioneering inexpensive 386-based Unix systems for academics and open source code for programmers, it also proved to be a fungible framework for new approaches, unfettered by legacy or short-term commercial objective. This paper examines a single aspect of OS operation in the form of tracking root resource usage in a server, specifically processor and memory. This aspect is extremely relevant to all corporate datacenters, as the cost effectiveness of banks of as many as hundreds of servers is directly related to how effectively these two are utilized. Poor utilization of resources means a datacenter needs more machines to do the same work, while perfect resource utilization would match resource to need exactly. The author believes that the findings generalize to most other aspects of servers, as they derive efficiencies from the underlying effectiveness of these root resources – issues 386BSD addressed years ago. Due to the structure of Unix itself, however, some root resource legacies can only be conquered with a radical new approach, inspiring the OSPREY system.
4/97 
3/96 Software Development Conference, San Francisco, CA. Why NT Will Bury UNIX(With William F. (Bill) Jolitz). The operating systems wars have been waged as long as computers have existed. Now, an aggressive and determined software company is attempting to position itself to conquer the entire market. In this paper, we answer the questions: How real is this threat? What are the actual stakes? And should NT succeed, where does UNIX stand as an also-ran? We also provide a preview of the pending truly new technology operating systems -- where the next great battleground will be fought.
8/95 Dr. Dobb’s Journal, USA: Programmer’s Bookshelf: Perspectives on Computer Security. When you get on the net, who can you trust? Lynne examines several new books that address this question: Network Security: Private Communications in a Public World, by Charlie Kaufman, Radia Perlman, and Michael Speciner; E-Mail Security, by Bruce Schneier; Network Security, by Steven Shaffer and Alan Simon; and Network Security: How to Plan for It and Achieve It, by Richard H. Baker.
[Embedded in "Le Monde En Tique" ]
Perspectives on Computer Security
Copyright (C) Dr. Dobb's Journal, August, 1995
For most people, security is as simple as locking the front door or putting
a Club on a car's steering wheel. For networked computer users, security
is a devilish issue, because a computer system can be compromised by any
one of millions of other computers around the globe. Fortunately, a good
number of books on network-security techniques are available, and while
none will protect a computer from the latest attack (you'll just have to
keep up on journals and conferences for that), many offer valuable insights.
Network Security: Private Communications in a Public World, by Charlie
Kaufman, Radia Perlman, and Michael Speciner, discusses the practical issues
of secure communications, including cryptographic techniques, applied-number
theory, authentication, and integrity. It also covers existing Internet
mechanisms used to increase network security (Kerberos, PEM, PGP, and the
like) as well as extensions to X.400 and NetWare. Finally, the book provides
a good overview of encrypted communications and authentication as currently
used on the Internet. It avoids matters such as the formal government-security
framework and concentrates on the actual moving pieces used in security
mechanisms.
I enjoyed this book primarily because it was loaded with insider jokes and
minutiae, such as "UNIX, an unusually user-hostile and otherwise mediocre
operating system" or (my personal favorite)
plausible deniability, a situation in which events are structured so that someone can claim not to have known or done something, and no proof exists to the contrary. Whenever this term comes up, the person in question is almost certainly guilty.
The authors are not afraid to voice opinions on popularly perceived solutions to insecure networks. For example, the current trend of developing, selling, and purchasing commercial firewall packages is concisely characterized by Charlie Kaufman:
Firewalls are the wrong approach. They don't solve the general problem, and they make it very difficult or impossible to do many things. On the other hand, if I were in charge of a corporate network, I'd never consider hooking into the Internet without one. And if I were looking for a likely financially successful security product to invest in, I'd pick firewalls.
The meat of Network Security: Private Communications in a Public World is its practical introduction to communications-oriented security in the form of encryption and authentication; specific implementation details are described only casually. Of particular interest in this post-Mitnick era is the brief discussion of sabotage-resistant routing protocols. Since routing is the next logical target of attack, it is an area worthy of critical study. In fact, secure routing and network integrity alone could fill another book.
Network Security: Private Communications in a Public World provides a balanced treatment of controversial topics (such as cryptography), but it isn't a war-stories book. The level of discussion is technical enough to get the point across, yet not so detailed as to become dull. Still, the book lacks descriptions of attacks against TCP and DNS. Even though they've been covered in other security books, these topics still have a place in a discussion of attack pathologies.
The book also omitted discussions of the Green Book, the follow-up work to the Orange Book (which maps the Trusted Computing metaphor into a networking paradigm). While of admittedly limited use, the Green Book does offer sanguine observations about network security that fall into the scope of this book. Finally, the text jumps right into specific algorithms without bothering to develop the subject of cryptography. The result is an incomplete picture: It's unclear why a certain technique is employed in a given algorithm or why an algorithm is considered flawed.
E-Mail Security for the Layman
While insider stories and algorithmic examinations are interesting, they are less than useful to the individual trying to protect e-mail from prying eyes. To complicate matters, while regular surface mail is protected by a host of laws regarding privacy and is processed by a quasi-governmental agency which must follow certain regulations, most e-mail correspondence is not (yet) as carefully protected or regulated. The law is still murky regarding privacy from coworkers, system administrators, managers, and the like. Thus, protection of sensitive correspondence and the limits of such protection are topical subjects.
E-Mail Security: How to Keep your Electronic Messages Private, by DDJ contributing editor Bruce Schneier, is an in-depth treatment of electronic-mail security intended for immediate application by the reader. Schneier begins with an overview of electronic-mail security and goes on to discuss and contrast the two preeminent security encapsulations used in network electronic mailPretty Good Privacy (PGP) and Privacy Enhanced Mail (PEM). Finally, the book addresses restrictions placed on its use by the government and intellectual-property rights.
Schneier's discussion of finite mathematics alone is worth the price of the book. The one downside is Schneiers view that it is absolutely good to secure all communications in this manner. While this approach probably appeals to his target audience, it is ironic that the same tools that can prevent misappropriation of information can also be used to shield a scoundrel who misappropriates others' work. Yes, I've heard the argument that anyone who doesn't secure their work deserves to be punished, but that's just the old blame-the-victim routine, which doesn't deal with reality.
In addition, shielding posters or remailers on the net, making them effectively anonymous, is not a defensive security approach intended to keep personal e-mail private, but instead an ideologically motivated offensive tactic. Net users should be aware that this approach is rarely used for purposes of, say, revealing a governmental plot to suppress information: Instead, it's used for character assassination, personal vendettas, theft of work, disinformation, petty criminal behavior, and worse. In fact, the current chaos is eerily similar to John Brunners prediction in his classic book The Shockwave Rider over 20 years ago, where anonymous denunciation lines allowed antagonists to destroy a protagonist's credit, job status, and even marriage without fear of retribution. Ignoring or aiding this practice without regard for the consequences is ethically questionable at best.
Overall, Schneier's writing has a concise, readable, appealing style. E-Mail Security: How to Keep your Electronic Messages Private is ideal for the computer user who feels insecure about sending Internet mail and has an active interest in the powerful tools available for securing it.
Network Security as a Professional Practice
Network Security, by Steven L. Shaffer and Alan R. Simon, provides a comprehensive, top-down approach to computer and networking security as a professional practice. It focuses primarily on the formal nomenclature and structure used as the framework for government- and commercial-security environments. This formalism is critical for serious computer-security work. Network Security is ideal as a top-down introduction to any intensive study of formal security mechanisms and policies of the last 20 years. Not included are the tools of the trade that a network-security officer uses in practice, the methodology that programmers use to implement secure operating systems, or the cryptographic mechanisms that secure communications across a data network. However, bibliographic references provide pointers for the serious student.
One nice feature of this book is a description of representative-government-security programs that show the formal information- security structure in practice. Among the programs discussed are the Department of Defenses BLACKER, DNSIX, and CCEP; profiles of security-product vendors are given as well. (This latter group was incomplete: Suns Secure Solaris, Oracles MLS products, and HPs HP-UX BLS were missing.)
A downside of Network Security is its insularity and relative blindness that stems from its proximity to traditional security perspectives. For example, while PEM and Kerberos are discussed briefly, unofficial security mechanisms, such as PGP and COPS, are not. There is no critical analysis of the inherent weaknesses of the official architectures for information security. Despite these omissions, however, Network Security's coverage of the appropriate formalisms make it essential to the serious security professionals library.
Enterprise Network Security
Network Security: How to Plan for It and Achieve It, by Richard Baker, is the most ambitious of the books discussed here. It develops and implements an enterprise networks security envelope from the bottom-up, but avoids discussion of the underlying mechanisms. Baker speaks to MIS managers or network administrators who must develop and implement an official, organized security policy, comprising physical security, business-management structures, backups, training, viruses, and security audits.
Each chapter begins with an overview of a problem (such as securing the desktop), then develops a top-down plan to deal with it. While fleshing out these details, Baker discusses the elements and management of a careful, secure environment (occasionally citing industry examples). The book does not cover operating-system and software architectures; it concentrates on operational aspects pertinent to a business.
Network Security: How to Plan for It and Achieve It reminds us that information security often fails because it is not integrated into the information system from the start.
The breadth of the book is exemplified in its discussion of the legal requirements of a network-information processing service, including the legal doctrines of due care and due diligence. Few administrators are aware of the potential liabilities of insecure or improperly maintained information systems, which are magnified when the system retains information covered by privacy or intellectual-property rights. The Infobahn of the future will likely involve many suits over negligent operation of information services, resulting in substantial liability awards from unsuspecting companies.
Baker approaches enterprise network security from a situational perspective. This is bound to appeal to the administrator who can directly apply Baker's solutions to rectify a situation or avoid an incident; enterprise network administrators should keep this book handy.
Network Security: Private Communications in a Public World
Charlie Kaufman, Radia Perlman, and Michael Speciner
Prentice-Hall, 1995, 504 pp. $46.00
ISBN 0-13-061466-1
Network Security
Steven L. Shaffer and Alan R. Simon
Academic Press, 1994, 318 pp. $25.95
ISBN 0-12638-01-04
E-Mail Security: How to Keep your Electronic Messages Private
Bruce Schneier
John Wiley & Sons, 1995, 362 pp. $24.95
ISBN 0-471-05318-X
Network Security: How to Plan for It and Achieve It
Richard H. Baker
McGraw-Hill, 1995, 456 pp. $34.95
ISBN 0-07005-14-10
8/95 Dr. Dobb's Developer Update, USA: Book Review: POSIX.4 Programming. Contrasts traditional operating systems techniques with real-time demands.
5/95 Dr. Dobb’s Journal, USA: Role-Based Network Security(With William F. (Bill) Jolitz). Network level security is usually very costly, but through the use of role-based security, PC network administration can be reduced to a simple level without loss of integrity.
3/95 Dr. Dobb's Developer Update, USA: Security and the INTERNET(With William F. (Bill) Jolitz). A detailed analysis of the technical flaws in the TCP/IP implementations which allowed intrusion by a cracker over several months and new approaches to correct them.
Winter 1994 Dr. Dobbs Journal Information Highway Special Issue, USA: Very High Speed Networks: HiPPI and SIGNA(With William F. (Bill) Jolitz). Very high-speed networking is the key to rapidly and economically delivering large amounts of information.
9/93 Dr. Dobb’s Journal, USA: Programmer’s Bookshelf: Under Lock and Key. While you can’t keep network systems and data under lock and key, there are security techniques you can still employ. Lynne examines the approaches presented in UNIX System Security and UNIX Installation, Security, and Integrity.
Under Lock and Key
Copyright (C) Dr. Dobb's Journal, September, 1993
In the early days of computing, security in computer systems was not the primary concern of administrators, since computers were generally setup as centralized systems with terminals located in controlled areas, and networks were not yet commonplace. (Incoming modem lines on the public telephone network were the major security headache of system administrators.) Until the mid-80s, in fact, enterprising students who punched holes in security often ended up working for those very groups and firms they'd penetrated. (Kevin Poulsen, awaiting Federal charges for illegal computer access, was hired by SRI after a rash of system break-ins.) Still, security holes remained a bemused topic of conversation, and were not considered serious except by a few predictors of doom.
The Boom in Security from the Internet Worm
Security is like insurance--it's a nuisance to pay for, until a disaster occurs. This lesson was illustrated during the "Morris worm" incident which caused the immediate contamination of hundreds of thousands of systems and the resultant shutdown of the NSF Internet. In the aftermath, security awareness was raised to an all-time high from which it has gradually eroded as everyone loses interest until the next crisis. Such is the boom-and-bust cycle of computer security.
What was different about the Morris work was that the intruding program took advantage of networking and operating systems standardization to allow automatic propagation of itself onto freshly compromised systems. This meant that, like Von Neumann exponentiating machines, the Morris worm could rapidly scale its ability by the cascade effect of dedicating an exponential number of hosts to the effort. In addition, because the program added to its information store of "ways to break the system," the worm had greater "growth" potential than an ordinary computer virus because it could, again, leverage the network to pass back information and "learn" better how to break into more systems.
In sum, the Morris worm neatly demonstrated the vulnerability of computer networks, and made network-wide system security mandatory instead of an abstract research topic. To aggravate things, the rise of high-powered low-cost systems attached to the network have made security a part of systems design, planning, and administration long before it became a "popular" topic of conversation. With the number of Internet hosts now approaching 1 million and growing, security merits primary consideration before placing any system on the global network.
A Site Administrator's View of Security
When it comes down to it, security is the mundane part of computer administration. You put the software equivalent of a padlock on resources, files, and accounts, rotate the assignment of keys to users of these items, and track when attempts to unlock them are made. When initiating security procedures, however, an understanding of the users and environment is crucial to creating a secure, yet acceptable, work environment. A book which covers security should be comprehensive in all aspects of security; otherwise, you don't have a secure system. Security, whether a house or a file server, is as strong as the weakest link.
UNIX System Security is geared towards the system administrator and is engaging in its "tales" of security woes. The book is also categorized in much the same way that a systems administrator would no doubt view security: account security, filesystem (or, more properly, "data") security, and network security in general, followed by specific types of systems (securing workstations, for example), policies, and references. While it meanders somewhat through its intermingling of security procedures and needs, its hands-on cookbook approach should be of great use to any goal-oriented site administrator who prefers the historical approach to security--the "finger in the dike" view.
At the same time, this choice of organization is a flaw in UNIX System Security. The book does not go into as much depth as necessary, allowing a bit of cookbook knowledge to delude you into thinking you know everything. There's no overview of what security actually is (you have to go to the National Computer Security Center's famed Orange Book to find out). Security is a broad term that means different things to different groups, so defining what kind of security mechanism and its resulting effect is important. For example, there's no comparison between account security (most common and simple to implement) verses data security (much harder) or network (a combination of data and account security and the actual physical arrangement of the network itself, and an area which is also given short shrift in books on network architecture and management).
But more importantly for a book geared to site administrators, there's little perspective offered on the differing needs of various sites--a government site versus one in the private sector, for instance--but instead, it seems to be biased towards educational-site experiences. For example, government time and energy is often oriented towards "air gap" security to avoid penetration or subversion of the system. The private sector, on the other hand, tends to view those "within" the system (such as employees) as possible security problems--hence the focus on auditing, logs, and transaction files. Neither of these considerations is directly discussed, primarily because an educational site prefers a more open and free exchange of ideas and viewpoints (and also, because they don't usually have money to throw at procedures and personnel). The short shrift given to auditing, in particular, is an oversight for any private-sector site administrator. This is especially the case as modern computer systems with integral security auditing on per-file and per-process level become available.
Policies with respect to software, passwords, and so forth are also discussed in UNIX System Security, but these policies have an educational-site bias, and system administrators should refer to their site guidelines before implementing any of these suggestions. (If your site doesn't have guidelines, it's time to establish them.) Legal issues regarding site policies and policing and software licenses and copyrights are also volatile and undefined at this time, and the legal examples should be read with a grain of salt. Yet, for naive institutions that never considered such policies necessary, it does bring them back into the "real" world.
System Security at a Glance
For a more traditional overview of UNIX security, UNIX Installation, Security, and Integrity is welcome. Written in a concise and direct form, this book fills out the topic and is careful in discussing security categories. After breaking down the main-system security into appropriate categories (filesystem security, account security, and process security on the local system), it discusses cryptography and network security. It also deals with security monitoring and auditing procedures. Thus, the last word in its title actually has meaning.
One item I appreciated was the careful differentiation between trusted and regular systems. The authors went so far as to include a mention of hardware security support, an oft-forgotten area which should be covered in every security book.
The reference section of both books contain useful papers and books, including the Orange Book and some of Robert Morris's papers on security (which may have influenced his son's "worm" work) and brief discussions of secure software (such as Kerberos). In concentrating on recent works, however, some of the classic works were ignored, including studies on the KSOS System (Ford Aerospace) which are worth mentioning for their scope and depth.
Conclusion
UNIX System Security should become popular among site administrators struggling to get a handle on security needs--especially since most vendor-specific manuals don't cover those well-known security "holes" which can cause grief. For a more thorough and concise view of security, administrators should also obtain UNIX Installation, Security, and Integrity. But for a real understanding of security in the 1990s, check the references and attend the security conferences. That's where the action is.
UNIX System Security
David A. Curry
Addison-Wesley Professional Computing Series, 1992, 279 pp.
$32.25
ISBN 0-201-56327-4
UNIX Installation, Security, and Integrity
David Ferbrache and Gavin Shearer
Prentice-Hall, 1993, 305 pp.
$34.00
ISBN 0-13-015389-3
6/93 Dr. Dobbs Journal, USA: Extending Standards for CD-ROM. Although ISO-compliant CD-ROMs are interchangeable and usable on any type of system, the minimalism that made the ISO-9660 standard successful is sometimes too minimal. Consequently, the Rock Ridge Group and others have developed extensions to give new life to CD-ROMs.
-
"Most programmers are aware of the ISO-9660 standard and its significance in sharing CD-ROM data between different platforms. In our article "Inside the ISO-9660 Filesystem Format" (DDJ, December 1992), we examined how this standard has encouraged the use of CD-ROM technology and how a modern ISO-9660 CD-ROM is structured. ISO-compliant CD-ROMs are interchangeable and can be used on any type of system and architecture. However, the minimalism that helped make the ISO-9660 standard successful may sometimes be too minimal for specific applications (such as distributing POSIX-based, bootable CD-ROMs). Because ISO-9660 does not adequately support the POSIX filesystem, the Rock Ridge Group was formed to develop ISO-9660:1988 extensions, which take advantage of the system-use area of the directory record (provided for in ISO-9660) to store complete POSIX filesystem information.
Extensions to ISO-9660 can make a CD-ROM appear like a given target operating system (such as a POSIX-compliant filesystem). By encoding these extensions (using the sharing-use protocols), you can allow for separate sets of attributes for the same filesystem. This lets you organize extended information for different systems (such as VMS, DOS, and UNIX) in a nonconflicting way. Also, any system that only understands ISO-9660 without any extensions can still gain access to the files and obtain the exact same contents of data for a file; you aren't precluding any use of CD-ROM by the use of extensions, you're simply extending the scope of use of the information. "
[To continue reading this article, simply click here to register or login at DDJ.]
12/92 Dr. Dobbs Journal, USA: Inside the ISO-9660 Filesystem Format(With William F. (Bill) Jolitz). For delivering large amounts of data, CD-ROMS give you the biggest bang for the buck. The ISO-9660 filesystem format is discussed. Example utilities which allow a person to decode a CD-ROM and view a file are also presented.
4/91 Dr. Dobbs Journal, USA: Copyrights, Copyleft, and Competitive Advantage. An overview and analysis of the effects and trends towards the use of copyrights, Free Software Foundation (FSF) “copylefts”, and the impact on American competitive advantage.