Talk:UNIX Computing Security

I had intended to eventually write some security stuff into Guide to UNIX, but I might put it in this book instead. I do wonder what the current plans are. Some created a page UNIX Computing Security:References. Does that mean that this book uses colon convention? The slash convention "UNIX Computing Security/References" automatically generates upward links, but both conventions are acceptable. --Kernigh 00:52, 5 November 2005 (UTC)
 * My feeling is that security information would still be quite appropriate for the general UNIX books. I was going to aim this at a more hard-core security audience focusing on all the nitty-gritty details, &c. So, ultimately, how to take a UNIX system and harden it down to meet government security ratings. On the sub-page conventions, I saw both types in use so I wasn't sure about which way to go. I'd be fine with using the slash notation instead. Thanks. :) &mdash; RJHall 17:56, 7 November 2005 (UTC)

If you want to be really meaningful, to really educate people, then you might want to put Unix security in the context of theoretical security. Meaning, capabilities-based systems like EROS. Basically, at every turn you'd have to show how the security problem wouldn't have been a problem at all if it weren't for Unix's choosing the ACL route or would have been trivially resolved or how meeting certain govermental standards would have been deemed utterly impossible from a capabilities' point of view and they would never have been attempted (and how from a theoretical point of view it IS in fact impossible ...).

Estimated probability you'll take this advice: 1%. 24.200.176.92 22:03, 11 November 2005 (UTC)


 * Even in a theorecal and acedemic sense, capabilities-based systems like EROS are not really better than ACL-based systems. They simply use an alternate representation of the security matrix. Either way you do things, you need ACTORS*OBJECTS*OPERATIONS bits of data. Both systems can support this. Since actors are normally not persistent and objects normally are, the ACL method is superior. Persistent actors will give you trouble when you decide to do an OS upgrade. Then, leaving theory behind, we get to the matter of compatibility... ouch. AlbertCahalan 03:52, 13 November 2005 (UTC)


 * Probability correct, at least for me. I wanted to focus more on real-world applicable solutions than on more abstract security theory. :) &mdash; RJHall 20:05, 14 November 2005 (UTC)

DOS (denial-of-service)
A few tips at http://cr.yp.to/docs/resources.html describe how to deal with DOS (denial-of-service) attacks. Which chapter here describes how to respond to DOS attacks?


 * I just added in a chapter titled "Attacks and Exploits" to cover DoS, buffer overflow, &c. Will that work? Thanks. &mdash; RJHall 23:14, 18 January 2006 (UTC)