If you're interested in learning more about the subject of auditing *nix operating systems, there are many resources available in print and on the Internet.

As far as books go, one of the go-to books on Unix security is Practical Unix & Internet Security, by Simson Garfinkel, Gene Spafford, and Alan Schwartz, published by O'Reilly Media, Inc. This book provides an excellent overview of the topic, along with detailed guidance on how to secure the Unix environment.

Another excellent print resource is Essential System Administration, by Æleen Frisch, published by O'Reilly Media, Inc. This book is written for *nix administrators but can also serve as an excellent guide for auditors who are looking for details on how to implement many of the concepts discussed in this chapter.

There are also many websites devoted to Unix. The problem is wading through them to determine which ones can be of the most use. Following are some to consider:

  • and other documents from SANS

  • top 20 vulnerabilities

  • configuration guides from the National Security Agency

  • guidelines from the National Institute of Standards and Technology

  • 75 security tools as generated from a survey of Nmap users

  • of lists; good security-oriented mailing lists

  • lists, news, vulnerabilities

  • with the vulnerability database section of SecurityFocus, this is a good site to begin research on potential vulnerabilities

Remember that Google is your friend, and there is a wealth of information on the Internet about how Unix and Linux systems work. For example, try searching for "command list unix" without the quotes.

