Media praise for Practical UNIX and Internet Security

Have a blog? Join our Reader Review Program

"If you're a novice at computer security and want to learn, get this book and set aside time to read some of it every day. The bookmark will move slowly, but keep moving it. If you're already an expert, get this book and keep it at hand as a reference--and read a chapter a month, just to remind yourself of things you've forgotten."
--Jennifer Vesperman,

"If you know nothing about Linux security, and only have time for one book you should start with 'Practical Unix and Internet Security.' It's a fat book, but its accessible, and it gives you a solid grounding in the basics."
--Charlie Stross, Linux Format, May 2002

"If you're a TCP/IP network administrator, these three books published by O'Reilly on networking {'DNS & BIND;' 'TCP/IP Network Administration;' 'Practical Unix & Internet Security'} are indispensable. These three guides are essential to managing a TCP/IP Network."
--, March 2002

"...replete with practical examples, including typescripts of console command sessions, clear and easily understood diagrams...This classic, indispensable volume is the right book to trust."
--Christopher Brown-Syed, Library and Archival Security, Vol 17, Number 1, 2001

"Securing UNIX systems and networks against crackers and other assorted bad guys is a top priority for most organizations (or at least it should be). In order to properly protect your systems, you need to have the right information at your disposal: without this information you can easily miss holes in your security implementation. The authors of "Practical UNIX and Internet Security," Simson Garfinkel and Gene Spafford, write in a very down-to-earth, simple fashion that never leaves the reader wondering. Instead, the book is written for both those new to the field and the professionals that need a good reference manual lying on their shelves. "Practical UNIX and Internet Security" is a very popular book, and has reached almost cult status in many circles. The reason behind this is simple: there is a lot of information, the information is easily readable, and topics are grouped logically. What else can a reader ask for?"
--Dustin Puryear, 32bitsonline, Dec 2000

"One book I recommend highly for your linux library is 'Practical Unix and Internet Security'...This well-written volume covers a broad range of security topics, with valuable tips on making your system more secure."
--Gene Wilburn Computer Paper, Oct 1999

"To call this highly readable book comprehensive is an understatement. The breadth is vast, from fundamentals (definitions of computer security; the history of Unix) and commonsense but little-observed security basics (making backups; physical and personnel security; buggy software) to modern software (NFS, WWW, firewalls) and the handling of security incidents. The section on users alone is 21 pages long--and worth every page… The Internet covers to omuch and moves too quickly for any book to cover every security aspect of every piece of software, but this book comes close. More importantly, it gives you a grounding in the fundamental issues of security and teaches the right questions to ask —something that will stay with you long after today's software is obsolete."

"I would highly recommend adding this book to your security library."
--Technical Support, August 1996

"[A]keeper...the second edition of Garfinkel and Spafford's 1991 security book...has grown immensely, from barely over 500 pages to nearly a thousand, but most of it is both worthwhile and important.... Security is a really important topic. Your users don't understand it. Educators don't; nor does the medical profession. This is a fine book on a difficult topic."
--Peter H. Salus, ;login:, August 1996

"Buy this book and save on aspirin."
--Cliff Stoll, author of The Cuckoo's Egg and Silicon Snake Oil

"This is exactly the type of practical, easy to follow book that system administrators need to stay one step ahead of the system crackers -- if you have time to read only one security book, this should be it."
--Kevin J. Ziese, Captain, United States Air Force; Chief, Countermeasures Development, AF Information Warfare Center

"A updating and expansion of a comprehensive and dependable classic in the security field."
--Rob Slade, posted in RISKS Digest, copyright Robert M. Slade, 1993, 1996

"The previous edition...was one of the first to seriously address the issues of security in a networked UNIX environment; with the explosive growth of the Internet since that time, plus the book's expanded coverage of cryptography, tools, new services, and protocols, the second edition will be an important part of any system administrator's bookshelf."
--Alec Muffett, network security consultant and author of the Crack Program

"This revised edition...ably chronicles the changing security world of the Internet, with a greatly increased emphasis on network security and firewalls. If you could only purchase one book on Internet security, this is the one you'd want."
--Dan Farmer, coauthor of the SATAN and COPS Programs

"Describes, in readable and entertaining language, the issues, approaches, and methods for implementing to set up basic security policies and procedures to protect a UNIX system, network, and Internet connection from unauthorized users. The book explains in detail the ways that intruders can get into a system, as well as how to detect them, clean up after them, and even prosecute them if they do get in. It's complete, covering both host and network security, and doesn't require that the reader be a programmer or a UNIX guru to use it. Filled with practical scripts, tricks, and warnings,
Practical UNIX & Internet Security covers everything a reader needs to know to make a UNIX system as secure as it possibly can be. In this security-conscious age, this book is an essential reference for anyone who is responsible for a UNIX system."
--SunWorld 1996

Reviews From Previous Edition:

"Timely, accurate, written by recognized experts...covers every imaginable topic relating to UNIX security. An excellent book and I recommend it as a valuable additon to any system administrator's or computer site manager's collection."
--Jon Wright, Informatics (Australia), January 1994

"The book could easily become a standard desktop reference for anyone involved in system administration. In general, its comprehensive treatment of UNIX security issues will enlighten anyone with an interest in the topic."
--Paul Clark, Trusted Information Systems

"[The book] covers a lot of material not normally covered and provides practical instructions on how to do things. This will be very useful for practitioners....This book is far superior to any other I have seen on UNIX security."
--Matt Bishop, Dartmouth

"Buy this book and save on aspirin."
--Cliff Stoll, author of The Cuckoo's Egg

"Finally there is a UNIX security book that covers the BSD world as well as the SYS V version....The other aspect of UNIX security books that has been sorely lacking was the 'rest of UNIX' security. All the other books had a very thin overview of "down and dirty" security, as if they were afraid of giving out too much information....I'm ordering copies for all my people, and extra copies for the library at Apple."
--Laurie Sefton, Apple

"'Practical UNIX Security' is an excellent book, jam-packed with practical information, yet easy to read and even entertaining. It covers both System V and Berkeley derived variants of UNIX with a major concentration on networked systems. The authors not only cover UNIX security, but also reveal a great deal about the inner workings of UNIX as well along the way. For the practitioner, who may not be very familiar with UNIX internals, this is a tremendous bonus."
--George W. Leach ;login, May/June 1992

"'Practical UNIX Security' UNIX-centric but includes discussions of passwords, gateways, firewall machines, and the like, that will be valuable to any system administrator."
--Ray Duncan, Dr. Dobb's Journal, December 1994

"For larger or networked systems, I recommend 'Practical UNIX Security.' It is authoritative, detailed, and practical; it could keep you out of some trouble."
--Richard Morin, UNIX Review, August 1992

"This book is an extraordinarily successful effort to cram into a mere thousand pages...almost everything you need to know about Unix and Internet security. It is a complete rewrite of the First Edition of 1991, and contains much new material. In terms of pages per dollar or cents per page, or much more important, the amount of money it can save you by keeping you away from a horrendous array of potential security problems, it is an incredible bargain. This is a keeper -- at least until the Third Edition comes out, perhaps in 2001. By then, the authors will be able to write much more definitively about Java and web browsers, which are treated only lightly in the Second Edition. (Too much happening, too fast?) Everything else, however, seems well covered and very nicely written. This is a very readable and very useful book, and deserves to be looked at by all of you."
--Peter G. Neumann, Principal Scientist, SRI International Computer Science Lab; Chairman ACM Committee on Computers and Public Policy; Moderator of the Risks Forum (comp.risks)

"This volume is an update of the considerably slimmer first edition published in 1991. While most of the original edition (dealing primarily with issues of UNIX security) has been brought up to date, it is the new material dealing with issues of network security that make this second edition so valuable. Most of us have come to realize that, as our services have migrated from being on-site to network-accessible, our concerns have grown accordingly, and our need to understand at least the basics of security in an Internet environment has reached critical mass.
So why must we learn about security in a wired world? Well, to quote the classic paranoid, 'How do I know someone's not out to get me?' In fact as the networked numbers grow, the chances increase that someone is in fact out to get us, or at least get at our systems. As the authors explain in their excellent overview of the issue, there are structural insecurities built into the very bases of the Internet--TCP/IP (Transmission Control Protocol/ Internet Protocol) and UNIX.
Of course, what once were virtues are now vices, and it must be recognized that the designers of both TCP/IP and UNIX lived in, and programmed for, a much more secure and trusting environment than the commerce-driven Internet of today. In fact, one can go so far as to say that, by hard-coding those insecurities into TCP/IP and UNIX, programmers guaranteed the growth of networking by making it so darned easy to do. (It's difficult in a UNIX world not to network with other machines, unlike, say, the PC world, where networking is still seen as the equivalent of asking a dog to walk on its hind legs). Perhaps it's sufficient to say that the success of TCP/IP and UNIX, upon which the Internet still depends, also contains the seeds of its undoing.
So how does this book serve not only techies, but also those who must make reasonably informed decisions involving limited dollars? As Garfinkel and Spafford point out, 100% security, in addition to being a philosophical problem, costs far more than most organizations--for example, libraries--are able to pay. Consequently they have structured their text around a series of helpful issues which, in sum, probably account for more than 98% of the everyday security problems we face as operators of information servers. While the average administrator might blanche at the thought of understanding NFS (Network File System) or (horrors!) the kill command, he or she will immediately see the utility of educating users not to tape passwords to monitors, or the need to have personnel policies which enhance systems security, or why controlling access to servers is a project into which we might want to sink a little money. Despite its heft, the text does a reasonably good job of being readable for various categories of the technology-dependent.
And as a technical manual? Again, Garfinkel and Stafford do a good job under trying circumstances. UNIX is one of those peculiar words that imply linguistically that it is one thing when it is in fact several dozen things that bear a passing resemblance to each other owing to the existence of a common great-grandfather. So it is notoriously difficult to discuss the technicalities of UNIX security in such a way as not to lose the interest of the techie involved in AIX (Advanced Interactive eXchange) or Sun or HP (Hewlett-Packard) or Linux or SCO (Santa Cruz Operation)-specific security issues.
In fact, most techies might be tempted to bypass this title in favor of a vendor-specific publication. In doing so, they will miss an excellent structured presentation on generic UNIX issues of benefit to all system administrators. More importantly, by including pointers on how to find security information on the Internet, the authors are able to extend the life span of this edition beyond the pitifully short time most technical books live these days. In fact, without this section, the book might have already outlived its usefulness by the time this reviewer returned his review. Thankfully such is not the case--a knowledge of how to access security data from CERT (Computer Emergency Response Team), or how to download software patches, or where to post a (secure) question about hackers is a tool system administrators leave out of their toolkits at their peril.
In sum, the authors have managed to expand the scope of a classic text and increase its utility by focusing on core issues, and using the resources of the Internet itself as pointers to more current information. In this fuzzy age of transition from paper to digital text, such may be all we can ask of authors. For both the seasoned techie and the haggard administrator grown, in the words of a colleague, 'beyond her expertise,' Practical UNIX & Internet Security provides useful assurances that, while they are out to get us, we can dodge 98% of the bullets. And in a wired world, 98% is as perfect as it's going to get. Be careful out there."
--Copyright 1997 by Patrick Flannery. Telecommunications Electronic Reviews (TER), Volume 4, Issue 4, May 1, 1997. Patrick Flannery ( is Network & Systems Analyst for the Texas Medical Center Library in Houston, Texas.

"The next keeper is the second edition of Garfinkel and Spafford's 1991 security book. It has grown immensely, from barely over 500 pages to nearly a thousand, but most of it is both worthwhile and important. Divided into 27 chapters and seven appendixes, G&S proceed from the compulsory history of UNIX (in which they cite me), to the basics, user responsibilities, system security, network and internet security, 'Advanced Topics' (firewalls, wrappers, proxies, etc.), to the handling of security incidents.
If you read the June ;login:, you'll realize that the problems of password and network security are far from new. They date back to the beginnings of both the ARPANET and of UNIX. I recommend Bob Metcalfe's RFC 602 (December 1973 [!]) to everyone.
Security is a really important topic. Your users don't understand it. Educators don't; nor does the medical profession. This is a fine book on a difficult topic. There are lots of things to carp about: I thought the chapter on employees was too brief; I think 'Who Do You Trust?' is ungrammatical. Big deal. "This is an important book...."
--Peter H. Salus, ;login:, August 1996