De Jules Verne Gids|Karol Van Bastelaar 9085530075€ 10,00
Practical Unix & Internet Security Second Edition 1565921488
€ 36,00
Enlèvement
370depuis 28 août. '23, 17:33
Caractéristiques
Description
||boek: Practical Unix & Internet Security Second Edition|Expanded & Updated|O'Reilly Nutshell Handbook
||door: Gene 'Spaf' Spafford, Simson Garfinkel, Tim O'Reilly
||taal: en
||jaar: 1996
||druk: 2nd edition, corrected
||pag.: 974p
||opm.: paperback|like new
||isbn: 1-56592-148-8
||code: 1:002125
--- Over het boek (foto 1): Practical Unix & Internet Security Second Edition ---
This second edition of the classic Practical UNIX Security is a complete rewrite of the original book. It's packed with twice the pages and offers even more practical information for UNIX users and administrators. In it you'll find coverage of features of many types of UNIX systems, including SunOS, Solaris, BSDI, AIX, HP-UX, Digital UNIX, Linux, and others. Contents include UNIX and security basics, system administrator tasks, network security, and appendices containing checklists and helpful summaries.
[source: https--www.eyrolles.com/Informatique/Livre/practical-unix-and-internet-security-9781565921481]
Table of Contents
Preface
Part I: Computer Security Basics
Chapter 1: Introduction
Chapter 2: Policies and Guidelines
Part II: User Responsibilities
Chapter 3: Users and Passwords
Chapter 4: Users, Groups, and the Superuser
Chapter 5: The UNIX Filesystem
Chapter 6: Cryptography
Part III: System Security
Chapter 7: Backups
Chapter 8: Defending Your Accounts
Chapter 9: Integrity Management
Chapter 10: Auditing and Logging
Chapter 11: Protecting Against Programmed Threats
Chapter 12: Physical Security
Chapter 13: Personnel Security
Part IV: Network and Internet Security
Chapter 14: Telephone Security
Chapter 15: UUCP
Chapter 16: TCP/IP Networks
Chapter 17: TCP/IP Services
Chapter 18: WWW Security
Chapter 19: RPC, NIS, NIS+, and Kerberos
Chapter 20: NFS
Part V: Advanced Topics
Chapter 21: Firewalls
Chapter 22: Wrappers and Proxies
Chapter 23: Writing Secure SUID and Network Programs
Part VI: Handling Security Incidents
Chapter 24: Discovering a Break-in
Chapter 25: Denial of Service Attacks and Solutions
Chapter 26: Computer Security and U.S. Law
Chapter 27: Who Do You Trust?
Part VII: Appendixes
Appendix A: UNIX Security Checklist
Appendix B: Important Files
Appendix C: UNIX Processes
Appendix D: Paper Sources
Appendix E: Electronic Resources
Appendix F: Organizations
Appendix G: Table of IP Services
[source: https--docstore.mik.ua/orelly/networking/puis/index.htm]
When Practical Unix Security was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book - a companion for the Unix/Linux system administrator who needs to secure his or her organization's system, networks, and web presence in an increasingly hostile world.
Focusing on the four most popular Unix variants today--Solaris, Mac OS X, Linux, and FreeBSD--this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms, and much more.
Practical Unix & Internet Security consists of six parts:
Packed with 1000 pages of helpful text, scripts, checklists, tips, and warnings, this third edition remains the definitive reference for Unix administrators and anyone who cares about protecting their systems and data from today's threats.
Recensie
"It's almost impossible to criticize such a venerable work as this, and there can be little doubt that backed up by online resources, this will form a solid foundation and reference work for years to come." - Martin Howse, LinuxUser & Developer, Issue 30 "If you know nothing about Linux security, and only have time for one book, you should start with Practical Unix and Internet Security." --Charlie Stross, Linux Format, September
[source: https--www.amazon.com.be]
Best for beginners [2003-08-01]
As a Linux administrator, I ordered this book hoping to find out how hackers typically gain access to systems and neat little tricks for locking down my system, as well as detecting and dealing with intruders. While Practical Unix & Internet Security did cover these topics, it covered little I didn't already know.
Significant time is spent explaining how unix-based systems work. The book covers things such as file systems, partition structure, file ownership/permissions, users and groups, inodes, ssh, backups, etc. Each command, utility, procedure or feature is detailed over several pages followed by an explanation of what you should be doing with said topic.
There are also a few real-world examples here and there; stories most of us have heard before, like the admin who had . in his path.
Unlike many computer books, this one is well written and an easy read, and it's certainly a lot more friendly than some unix geek's advice which consists of RTFM.
I think this book would be great for someone who has a very basic understanding of unix-based systems but has never administrated one before, but for those of us who've already had some experience running unix there's probably not anything new here for you.
G. Hoeppner [source: https--www.amazon.com.be]
Some useful information, but outdated, fair coverage of essentials [2018-08-22]
As above, but very U.S. -centric. From the off (Page 1) we're told about how many americans know of x or y. Phrases like "Congressional action" re-inforce the impression of a standard U.S. world-blindness. It's offputting to read such and kicks off the annoyance meter for the rest of it. The rest of the world understand software and security just as well as you do, Messers authors.
A pity because even today, MacOS, penguinistas and BSD users can get some fairly good refreshers from this mega-tome.
Top quote: "...vet your (job) applicants with a lie-detector test (if legal)".
Right.
Nikiforos V Fokas [source: https--www.amazon.com.be]
UNIX security basics described clearly and understandably [2016-01-02]
I am preparing for an IT security audit of enterprise UNIX systems. I had limited understanding of UNIX prior to reading this book. However I feel more confident now - the book provides an understandable description of the basic concepts, goes into sufficient detail and compares the different versions at an acceptable level. This book helped me loads in preparing for the audit, recommended for the whole team to read.
Enci M [source: https--www.amazon.com.be]
Only really understandable if you have unix/linux knowledge going in [2013-12-19]
This book may be very useful for people who have a strong working knowledge of Unix or Linux. I would recommend learning one of these operating systems before purchasing the book because it's practically unintelligible without that base of knowledge.
I bought it for a class and stopped reading it after the third week of school because I was getting nothing out of it. One can learn security concepts without learning Unix.
I recommend this book only if you have a good background in Unix or Linux. Otherwise, it will likely end up a paperweight.
Emily T. Condit [source: https--www.amazon.com.be]
--- Over (foto 2): Gene 'Spaf' Spafford ---
Eugene Howard Spafford (born 1956), known as Spaf, is an American professor of computer science at Purdue University and a computer security expert.
Spafford serves as an advisor to U.S. government agencies and corporations. In 1998, he founded and was the first director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.
Spafford attended the State University of New York at Brockport, graduating with a double major in mathematics and computer science in three years. He then attended the School of Information and Computer Sciences (now the College of Computing) at the Georgia Institute of Technology. He received his Master of Science (M.S.) in 1981, and Doctor of Philosophy (Ph.D.) in 1986, for his design and implementation of the kernel of the original Clouds distributed operating system.
During the formative years of the Internet, Spafford made significant contributions to establishing semi-formal processes to organize and manage Usenet, then the primary channel of communication between users, and to defining the standards of behavior governing its use. Spafford initiated the Phage List as a response to the Morris Worm, one of the earliest computer worms.
Computer science at Purdue
Spafford has served on the faculty at Purdue University in Indiana since 1987, and is a full professor of computer science. He is executive director emeritus of Purdue's Center for Education and Research in Information Assurance and Security (CERIAS), and founded its predecessor, the COAST Laboratory. He has stated that his research interests have focused on "the prevention, detection, and remediation of information system failures and misuse, with an emphasis on applied information security. This has included research in fault tolerance, software testing and debugging, intrusion detection, software forensics, and security policies."
Spafford wrote or co-authored four books on computer and computer security, including Practical Unix and Internet Security for O'Reilly Media, and over 150 research papers, chapters, and monographs. In 1996, he received the Award of Distinguished Technical Communication from the Society for Technical Communication for Practical Unix and Internet Security.
As a PhD advisor, Spafford supervised development of the Open Source Tripwire tool coded by his student Gene Kim. Spafford was the chief external technical advisor to the company Tripwire during their first few years. He was also graduate advisor to Dan Farmer who coded the freeware Computer Oracle and Password System (COPS) tool.
In 2009, Spafford discussed on C-SPAN an article in The New York Times that looked at how the Internet had been a conduit for many types of cybercrime.
Recent work from Spafford has shown how to deceive adversaries and thus make computing systems more secure, drawing on his multi-disciplinary expertise in information security and psychology.
Spafford is on the board of directors of the Computing Research Association and is the former chairperson of the Association for Computing Machinery's (ACM) US Public Policy Committee. He was a member of the President's Information Technology Advisory Committee from 2003 to 2005 and an advisor to the National Science Foundation (NSF). Spaf is a Fellow of the American Association for the Advancement of Science (1999) and the American Academy of Arts and Sciences (2020).
Selected honors and awards
1996 Awarded charter membership in the Institute of Electrical and Electronics Engineers (IEEE) IEEE Computer Society's Golden Core for distinguished service to the Computer Society during its first 50 years
2000 National Institute of Standards and Technology (NIST) and National Computer Security Center (NCSC) National Computer Systems Security Award
2001 Named to the Information Systems Security Association (ISSA) Hall of Fame
2003 Awarded United States Air Force medal for Meritorious Civilian Service
2007 ACM President's Award
2009 Computing Research Association Distinguished Service Award
2013 Elected to the National Cybersecurity Hall of Fame
2017 Received the International Federation for Information Processing (IFIP) TC-11 Kristian Beckman Award
2020 IEEE Security and Privacy Symposium Test of Time Award
2022 Honorary Professor of the University of Nottingham.
[source: wikipedia]
Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world's premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases. Spaf, as he is widely known, has achieved numerous professional honors recognizing his teaching, his research, and his professional service. These include being named a fellow of the AAAS, the ACM, and the IEEE; receiving the National Computer Systems Security Award; receiving the William Hugh Murray Medal of the NCISSE; election to the ISSA Hall of Fame; and receiving the Charles Murphy Award at Purdue. He was named a CISSP, honoris causa in 2000. In addition to over 100 technical reports and articles on his research, Spaf is also the coauthor of Web Security, Privacy, and Commerce, and was the consulting editor for Computer Crime: A Crimefighters Handbook (both from O'Reilly).
[source: https--www.amazon.com.be]
Dr. Eugene Spafford is a professor with an appointment in Computer Science at Purdue University, where he has served on the faculty since 1987. He is also a professor of Philosophy (courtesy), a professor of Communication (courtesy), a professor of Electrical and Computer Engineering (courtesy) and a Professor of Political Science (courtesy). He serves on a number of advisory and editorial boards. Spafford's current research interests are primarily in the areas of information security, computer crime investigation and information ethics. He is generally recognized as one of the senior leaders in the field of computing.
Spaf (as he is known to his friends, colleagues, and students) is Executive Director Emeritus of the Purdue CERIAS (Center for Education and Research in Information Assurance and Security), and was the founder and director of the (superseded) COAST Laboratory.
Spaf is Editor-on-Chief of the Elsevier journal Computers & Security, the oldest journal in the field of information security, and the official outlet of IFIP TC-11.
A more complete account of Spaf's activities and background may be found on the "Short biography" page. You can find out about some of his recent activities by visiting his news page. A complete C.V. is also available.
[source: https--spaf.cerias.purdue.edu]
Eugene H. Spafford is one of the senior, most recognized leaders in the field of computing. His research and development work, including work with his students, underlies cyber security mechanisms in use on millions of systems in use today, including work in firewalls, intrusion detection, vulnerability scanners, integrity monitoring, forensics, and security architectures.
Professor Spafford has been honored with every significant award in cyber security, including induction into the Cyber Security Hall of Fame; every major award at Purdue University for teaching; and many major awards for distinguished service to the computing community, including the CRA Distinguished Service Award. He is one of only two people to receive all three of the National Computer Security Award, be inducted into the Cyber Security Hall of Fame, and receive the Hal Tipton Award. He is also the only person ever to be named as a Fellow of the combination of the (ISC)2, ISSA (as a Distinguished Fellow), ACM, IEEE. American Association for the Advancement of Science (AAAS), and American Academy of Arts and Sciences (AAA&S).
Spaf (as he is widely known) has established an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, including Microsoft, Intel, Tripwire, SignaCert, Unisys, the US Air Force, Sandia National Laboratory, Los Alamos National Laboratory, the National Security Agency, the GAO, the Federal Bureau of Investigation, the National Science Foundation, the Department of Justice, the Department of Energy, and the staff of two Presidents of the United States. With four decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. He is responsible for a number of "firsts" in several of these areas.
Dr. Eugene H. Spafford is a professor with primary appointment in Computer Science at Purdue University, where he has been a member of the faculty since 1987. He also has courtesy appointments as a professor of Philosophy, a professor of Communication, a professor of Electrical and Computer Engineering, and a professor of Political Science. He is the Executive Director Emeritus of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS). In 2012 he was named as one of Purdue's inaugural Morrill Professors -- the university's highest award for faculty.
Starting in 2010, Spaf became Editor-in-Chief of the Elsevier journal Computers & Security, the oldest journal in the field of information security, and the official outlet of IFIP TC-11. Prior to this appointment, he served as Academic Editor (Associate Editor) of the journal from 1998-2009.
Dr. Spafford was a past chair of the ACM's US Technology Policy Committee (formerly the US Public Policy Council) and was a member of ACM Council from 2012-2020. He is a member of Verified Voting's Board of Advisors. He is the current vice chair of ACM's Publications Ethics and Plagiarism Committee. He is (again) a member of the Board of Directors for the Computing Research Association.
Honors & Awards
General
In Security
In Computing & Science
In Education
Other Awards and Recognition
Professional Activities
U.S. Government
Dr. Spafford has been consulted by parts of the U.S. government, including delivering formal Congressional testimony nine times. He has contributed to 10 major amicus curiae briefs before U.S. courts, including the Supreme Court. He has acted in an advisory capacity for several agencies and commissions as detailed above.
Media
Spaf has a nearly 40-year history of being a resource for, and quoted in, news media. This has included video appearances on ABC News, CNN, Fox News, and the BBC. He has been interviewed and quoted numerous times in the NY Times, Wall St Journal, Newsweek, the Washington Post, USA Today, the Chronicle of Higher Education, Consumer Reports, Wired, and other international, national, and regional outlets.
Writing & Editing
Professor Spafford is currently on the advisory and editorial boards of the journals
He has written extensively in the field of computer security, including coauthoring an award-winning book on UNIX Security, Practical Unix & Internet Security ( O'Reilly and Associates, 1991; 2nd edition 1996; 3rd edition 2003) and a widely-cited book on computer viruses, Computer Viruses (ADAPSO, 1989). He has also served as contributing editor to Computer Crime: A Crime-Fighters Handbook ( O'Reilly and Associates, 1995), and Web Security, Privacy and Commerce, ( O'Reilly and Associates, 1997; 2nd edition 2002). He has published well over 100 papers and reports on his research. He has also spoken internationally at panels, conferences, symposia, and colloquia on these issues.
Spaf is currently writing a book with Leigh Metcalf and Josiah Dykstra, tentatively entitled Myths and Misperceptions in Cybersecurity. It is scheduled for publication in late 2022.
Selected Memberships and Chairmanships
Professor Spafford has also served as chairman of ACM's Self-Assessment Committee and of its ISEF Awards Committee, as well as served as a charter member of the Technical Standards Committee. He was co-chair of the ACM's Advisory Committee on Security and Privacy, now defunct. He has served as a member of ACM Council (the board of directors) 2012--2020.
Over the past few years, Professor Spafford has served in an advisory or consulting capacity on information security and computer crime with several U.S. government agencies and their contractors, including the NSF's CISE division, FBI, National Security Agency, U.S. Attorney's Office, the Secret Service, and the U.S. Air Force. He has also been an advisor to several Fortune 500 companies, law firms, and state and national law enforcement agencies around the world. Spaf was a member of the Defense Science Study Group V and was a member of the science study group supporting the U.S. Government's Infosec Research Council. He is a past member of the Board of Directors of the National Colloquium on Information Systems Security Education, was a member of the board of directors of the Network Time Foundation and of the Sun User Group (now defunct).
Incident Response
Spaf has been involved with security incident response both as an educator and as a practitioner. He has served as a member of the advisory boards of both CERT/CC and the FIRST (FIRST is the Forum of Incident Response and Security Teams). He was the founder and co-director of the Purdue Computer Emergency Response Team until 2001.
At Purdue
Teaching
In 1987, Professor Spafford joined the academic faculty of the Department of Computer Science at Purdue University. At Purdue, he has taught courses in operating systems, compiler and language design, computer security, computer architecture, software engineering, networking and data communications, and issues of ethics and professional responsibility. Over the last few years Professor Spafford has been recognized with the top three awards for teaching at Purdue University.
Research
Dr. Spafford's primary research is on issues relating to information security, with a secondary interest in the reliability of computer systems, and the consequences of computer failures. In addition to work in computer and network security, this involves research into issues of computer crime, and issues of liability and professional ethics. His work in security has resulted in several oft-cited papers and a number of books, as well as the development of the COPS and Tripwire security programs for Unix --- tools used world-wide for assistance in the management of system security.
Spaf's involvement in information security led, in early 1992, to his formation at Purdue of the COAST Project and Laboratory, of which he was the director. This was an effort to develop workable security technology and practical tools. In May of 1998, Purdue University formed the Center for Education and Research in Information Assurance and Security ( CERIAS ) and appointed Spaf as its first Director. This university-wide center is addressing the broader issues of information security and information assurance, and draws on expertise and research across all of the academic disciplines at Purdue. Because of its structure, and the incorporation of the COAST group in its activities, the CERIAS is the largest and most broadly-structured academic research center in the world in its field. In 2003, Spafford was promoted to Executive Director of CERIAS, which he held until summer 2016, when he was given the title Executive Director Emeritus.
In addition to his security research, Spaf has been an active researcher with the Software Engineering Research Center ( SERC ) --- an NSF University/Industry Cooperative Research Center, located jointly at several universities including Purdue. His research in the SERC included continuing work with testing technology, including the Mothra II testing environment; and with investigation of new approaches to software debugging, including development of the Spyder debugging tool.
Dr. Spafford has also conducted research on issues relating to increasing the reliability of computer systems, and the consequences of computer failures. This includes work with distributed computing systems (the Messiahs project).
Background
Dr. Spafford received his B.A. degree with a double major in Mathematics and Computer Science from the State University of New York Brockport (1979, NY). Upon graduation, he was honored with a SUNY College President's Citation. He then attended the School of Information and Computer Science (now the College of Computing ) at Georgia Institute of Technology, holding both a Georgia Tech President's Fellowship and a National Science Foundation Graduate Fellowship.
Spaf received his M.S. in 1981, and the Ph.D. in 1986 for his design and implementation of the original Clouds reliable, distributed operating system kernel, and for his contributions as one of the original members of the Clouds design team. Next, Dr. Spafford spent a year and a half as a research scientist (postdoc) with the Software Engineering Center at Georgia Tech. His duties there included serving as a principal software engineer with the Mothra software testing project.
[source: https--spaf.cerias.purdue.edu/narrate.html]
--- Over (foto 3): Simson Garfinkel ---
Simson L. Garfinkel (born 1965) is a Program Scientist at AI2050, part of Schmidt Futures. He has held several roles across government, including a Senior Data Scientist at the Department of Homeland Security (DHS), the US Census Bureau's Senior Computer Scientist for Confidentiality and Data Access. and a computer scientist at the National Institute of Standards and Technology (2015-2017). Prior to that, he was an associate professor at the Naval Postgraduate School in Monterey, California (2006-2015). In addition to his research, Garfinkel is a journalist, an entrepreneur, and an inventor; his work is generally concerned with computer security, privacy, and information technology.
Research
Garfinkel's early research was in the field of optical storage. While he was an undergraduate at the MIT Media Laboratory, Garfinkel developed CDFS, the first file system for write-once optical disk systems. During the summer of 1987, he worked at Brown University's IRIS Project, where he developed a server allowing CDROMs to be shared over a network simultaneously by multiple workstations.
In 1991, while a senior editor at NeXTWORLD magazine, Garfinkel created an address book program for the NeXT Computer called SBook. One of SBook's most popular features was a search field that performed a full-text search of all of the records in the address book with each keypress. This kind of search is now standard on many computer programs, including Apple's Mail application and Mozilla Thunderbird. SBook was one of the first programs to incorporate this kind of search technology.
In 1995, Garfinkel moved to Martha's Vineyard and started Vineyard.NET, the Vineyard's first Internet Service Provider. Vineyard.NET was bought by Broadband2Wireless, a wireless ISP, in 2000. The company went bankrupt in September 2001, and Garfinkel bought Vineyard.NET back from the debtor's estate.
In 1998, Garfinkel founded Sandstorm Enterprises, a computer security firm that developed advanced computer forensic tools used by businesses and governments to audit their systems. Sandstorm was acquired by Niksun in 2010. Garfinkel is the inventor of six patents, mostly in the field of computer security.
In 2003, Garfinkel and Abhi Shelat published an article in IEEE Security & Privacy magazine reporting on an experiment in which they purchased 158 used hard drives from a variety of sources and checked to see whether they still contained readable data. Roughly one third of the drives appeared to have information that was highly confidential and should have been erased prior to the drive's resale.
In 2006, Garfinkel introduced cross-drive analysis, an unsupervised machine learning algorithm for automatically reconstructing social networks from hard drives and other kinds of data-carrying devices that are likely to contain pseudo-unique information.
In September 2006, Garfinkel joined the faculty of the Naval Postgraduate School (NPS) in Monterey, California, as an associate professor of Computer Science. He moved to Arlington, Virginia, in June 2010 to help NPS with its research aims in the National Capital Region. He transitioned to the National Institute of Standards and Technology in January 2015, and to the US Census Bureau in 2017.
A common theme throughout Garfinkel's research is introduction of the scientific method to digital forensics.
Education and honors
Garfinkel obtained three BS degrees from MIT in 1987; a MS in journalism from Columbia University in 1988; and a PhD in computer science from MIT in 2005. He was a postdoctoral fellow at the Center for Research on Computation and Society at Harvard University from September 2005 through August 2008. He was named a Fellow of the ACM in 2012, and a fellow of the Institute of Electrical and Electronics Engineers in 2019.
Publications
Garfinkel is the author or co-author of 16 books, and the author of more than a thousand articles. He is a contributing writer for Technology Review and has written as a freelancer for many publications including Wired magazine, The Boston Globe, Privacy Journal, and CSO Magazine. His work for CSO Magazine earned him five regional and national journalism awards, including the Jesse H. Neal Business Journalism Awards in 2003 and 2004.
Garfinkel is also the editor of The Forensics Wiki
Books
[source: wikipedia]
Welcome to Simson Garfinkel's personal web site.
Simson L. Garfinkel serves on the Association for Computing Machinery's U.S. Technology and Policy Committee, and on its Ethics and Plagiarism Committee. He is also a science journalist who has published hundreds of articles in newspapers and magazines, and 17 books. His research interests broadly include data science ethics, digital forensics, personal information management, counter-intelligence and counter-terrorism. (Read full bio.)
Recent Publications
Recent tutorials and presentations
Note: talks with the same name may (and frequently do) have different slides
...
[source: https--simson.net/page/Main_Page]
Simson L. Garfinkel is a Computer Scientist at the National Institute of Standards and Technology's Information Technology Laboratory. Garfinkel's research interests include big data, privacy, usability, social justice, and data fusion. He holds seven US patents and has published dozens of research articles for his work in computer security and digital forensics. He is an ACM Fellow, an IEEE Senior Member, as a member of the National Association of Science Writers.
Garfinkel is the author or co-author of fourteen books on computing. He is perhaps best known for his book Database Nation: The Death of Privacy in the 21st Century. His book Practical UNIX and Internet Security (co-authored with Gene Spafford and Alan Schwartz), has sold more than 250,000 copies and been translated into more than a dozen languages since the first edition was published in 1991.
Prior earning his PhD, Garfinkel worked as a science journalist, during which time he wrote more than a thousand articles about science, technology, and technology policy in the popular press. He has won numerous national journalism awards, including the Jesse H. Neal National Business Journalism Award. Today he mostly writes for MIT's Technology Review Magazine and the technologyreview.com website.
As an entrepreneur, Garfinkel founded five companies between 1989 and 2000, including Vineyard.NET, which provided Internet service on Martha's Vineyard to more than a thousand customers from 1995 through 2005, and Sandstorm Enterprises, an early developer of computer forensic tools.
Garfinkel received three Bachelor of Science degrees from MIT in 1987, a Master's of Science in Journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005.
Awards
Publications
...
[source: https--www.nist.gov/people/simson-garfinkel]
Dr. Simson Garfinkel is the Advising Chief Scientist for BasisTech. An internationally recognized expert in the area of digital forensics, Garfinkel's research publications include computer security, privacy, and policy issues pertaining to quantum information science. A fellow of the American Association for the Advancement of Science, the Association for Computing Machinery, and the Institute for Electrical and Electronic Engineers, Garfinkel has authored or co-authored more than 70 peer-reviewed academic articles. Previously a tenured associate professor at the Naval Postgraduate School, Garfinkel has also held technical leadership positions at the US Census Bureau and the US Department of Homeland Security.
In addition to his work as a scientist, Garfinkel writes for popular technology and business publications about topics at the intersection of science, technology and society. His most recent book, Law and Policy for the Quantum Age (co-authored with Chris Hoofnagle), explores for a non-technical audience the defense, intelligence and commercial impact of quantum information science, including quantum computing, quantum sensing, and quantum cryptography. His previous book, THE COMPUTER BOOK (co-authored with Rachel Grunspan), presents an illustrated timeline of 250 milestones in the history of computing.
[source: https--www.basistech.com/management/dr-simson-garfinkel]
Simson Garfinkel, CISSP, is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. Garfinkel is also a columnist for Technology Review Magazine and has written for more than 50 publications, including Computerworld, Forbes, and The New York Times. He is also the author of Database Nation; Web Security, Privacy, and Commerce; PGP: Pretty Good Privacy; and seven other books. Garfinkel earned a master's degree in journalism at Columbia University in 1988 and holds three undergraduate degrees from MIT. He is currently working on his doctorate at MIT's Laboratory for Computer Science.
[source: https--www.amazon.com.be]
Simson Garfinkel is a postdoctoral fellow at the Center for Research on Computers and Society at Harvard University's department of Electrical Engineering and Computer Science. He came to Harvard after completing his Ph.D. in Computer Security at MIT's Computer Science and Artificial Intelligence Laboratory, where he studied computer security, usability, and forensics. Garfinkel is also the founder of Sandstorm Enterprises, Inc., a supplier of computer security auditing tools. Garfinkel writes a monthly column on computer security for CSO Magazine, for which he has received the 2004 and 2005 Neal Business Journalism award. This is Garfinkel's 14th book; he doesn't have any free time.
[source: https--www.eyrolles.com/Accueil/Auteur/simson-garfinkel-158]
||door: Gene 'Spaf' Spafford, Simson Garfinkel, Tim O'Reilly
||taal: en
||jaar: 1996
||druk: 2nd edition, corrected
||pag.: 974p
||opm.: paperback|like new
||isbn: 1-56592-148-8
||code: 1:002125
--- Over het boek (foto 1): Practical Unix & Internet Security Second Edition ---
This second edition of the classic Practical UNIX Security is a complete rewrite of the original book. It's packed with twice the pages and offers even more practical information for UNIX users and administrators. In it you'll find coverage of features of many types of UNIX systems, including SunOS, Solaris, BSDI, AIX, HP-UX, Digital UNIX, Linux, and others. Contents include UNIX and security basics, system administrator tasks, network security, and appendices containing checklists and helpful summaries.
[source: https--www.eyrolles.com/Informatique/Livre/practical-unix-and-internet-security-9781565921481]
Table of Contents
Preface
Part I: Computer Security Basics
Chapter 1: Introduction
Chapter 2: Policies and Guidelines
Part II: User Responsibilities
Chapter 3: Users and Passwords
Chapter 4: Users, Groups, and the Superuser
Chapter 5: The UNIX Filesystem
Chapter 6: Cryptography
Part III: System Security
Chapter 7: Backups
Chapter 8: Defending Your Accounts
Chapter 9: Integrity Management
Chapter 10: Auditing and Logging
Chapter 11: Protecting Against Programmed Threats
Chapter 12: Physical Security
Chapter 13: Personnel Security
Part IV: Network and Internet Security
Chapter 14: Telephone Security
Chapter 15: UUCP
Chapter 16: TCP/IP Networks
Chapter 17: TCP/IP Services
Chapter 18: WWW Security
Chapter 19: RPC, NIS, NIS+, and Kerberos
Chapter 20: NFS
Part V: Advanced Topics
Chapter 21: Firewalls
Chapter 22: Wrappers and Proxies
Chapter 23: Writing Secure SUID and Network Programs
Part VI: Handling Security Incidents
Chapter 24: Discovering a Break-in
Chapter 25: Denial of Service Attacks and Solutions
Chapter 26: Computer Security and U.S. Law
Chapter 27: Who Do You Trust?
Part VII: Appendixes
Appendix A: UNIX Security Checklist
Appendix B: Important Files
Appendix C: UNIX Processes
Appendix D: Paper Sources
Appendix E: Electronic Resources
Appendix F: Organizations
Appendix G: Table of IP Services
[source: https--docstore.mik.ua/orelly/networking/puis/index.htm]
When Practical Unix Security was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book - a companion for the Unix/Linux system administrator who needs to secure his or her organization's system, networks, and web presence in an increasingly hostile world.
Focusing on the four most popular Unix variants today--Solaris, Mac OS X, Linux, and FreeBSD--this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms, and much more.
Practical Unix & Internet Security consists of six parts:
- Computer security basics: introduction to security problems and solutions, Unix history and lineage, and the importance of security policies as a basic element of system security.
- Security building blocks: fundamentals of Unix passwords, users, groups, the Unix filesystem, cryptography, physical security, and personnel security.
- Network security: a detailed look at modem and dialup security, TCP/IP, securing individual network services, Sun's RPC, various host and network authentication systems (e.g., NIS, NIS+, and Kerberos), NFS and other filesystems, and the importance of secure programming.
- Secure operations: keeping up to date in today's changing security world, backups, defending against attacks, performing integrity management, and auditing.
- Handling security incidents: discovering a break-in, dealing with programmed threats and denial of service attacks, and legal aspects of computer security.
- Appendixes: a comprehensive security checklist and a detailed bibliography of paper and electronic references for further reading and research.
Packed with 1000 pages of helpful text, scripts, checklists, tips, and warnings, this third edition remains the definitive reference for Unix administrators and anyone who cares about protecting their systems and data from today's threats.
Recensie
"It's almost impossible to criticize such a venerable work as this, and there can be little doubt that backed up by online resources, this will form a solid foundation and reference work for years to come." - Martin Howse, LinuxUser & Developer, Issue 30 "If you know nothing about Linux security, and only have time for one book, you should start with Practical Unix and Internet Security." --Charlie Stross, Linux Format, September
[source: https--www.amazon.com.be]
Best for beginners [2003-08-01]
As a Linux administrator, I ordered this book hoping to find out how hackers typically gain access to systems and neat little tricks for locking down my system, as well as detecting and dealing with intruders. While Practical Unix & Internet Security did cover these topics, it covered little I didn't already know.
Significant time is spent explaining how unix-based systems work. The book covers things such as file systems, partition structure, file ownership/permissions, users and groups, inodes, ssh, backups, etc. Each command, utility, procedure or feature is detailed over several pages followed by an explanation of what you should be doing with said topic.
There are also a few real-world examples here and there; stories most of us have heard before, like the admin who had . in his path.
Unlike many computer books, this one is well written and an easy read, and it's certainly a lot more friendly than some unix geek's advice which consists of RTFM.
I think this book would be great for someone who has a very basic understanding of unix-based systems but has never administrated one before, but for those of us who've already had some experience running unix there's probably not anything new here for you.
G. Hoeppner [source: https--www.amazon.com.be]
Some useful information, but outdated, fair coverage of essentials [2018-08-22]
As above, but very U.S. -centric. From the off (Page 1) we're told about how many americans know of x or y. Phrases like "Congressional action" re-inforce the impression of a standard U.S. world-blindness. It's offputting to read such and kicks off the annoyance meter for the rest of it. The rest of the world understand software and security just as well as you do, Messers authors.
A pity because even today, MacOS, penguinistas and BSD users can get some fairly good refreshers from this mega-tome.
Top quote: "...vet your (job) applicants with a lie-detector test (if legal)".
Right.
Nikiforos V Fokas [source: https--www.amazon.com.be]
UNIX security basics described clearly and understandably [2016-01-02]
I am preparing for an IT security audit of enterprise UNIX systems. I had limited understanding of UNIX prior to reading this book. However I feel more confident now - the book provides an understandable description of the basic concepts, goes into sufficient detail and compares the different versions at an acceptable level. This book helped me loads in preparing for the audit, recommended for the whole team to read.
Enci M [source: https--www.amazon.com.be]
Only really understandable if you have unix/linux knowledge going in [2013-12-19]
This book may be very useful for people who have a strong working knowledge of Unix or Linux. I would recommend learning one of these operating systems before purchasing the book because it's practically unintelligible without that base of knowledge.
I bought it for a class and stopped reading it after the third week of school because I was getting nothing out of it. One can learn security concepts without learning Unix.
I recommend this book only if you have a good background in Unix or Linux. Otherwise, it will likely end up a paperweight.
Emily T. Condit [source: https--www.amazon.com.be]
--- Over (foto 2): Gene 'Spaf' Spafford ---
Eugene Howard Spafford (born 1956), known as Spaf, is an American professor of computer science at Purdue University and a computer security expert.
Spafford serves as an advisor to U.S. government agencies and corporations. In 1998, he founded and was the first director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.
Spafford attended the State University of New York at Brockport, graduating with a double major in mathematics and computer science in three years. He then attended the School of Information and Computer Sciences (now the College of Computing) at the Georgia Institute of Technology. He received his Master of Science (M.S.) in 1981, and Doctor of Philosophy (Ph.D.) in 1986, for his design and implementation of the kernel of the original Clouds distributed operating system.
During the formative years of the Internet, Spafford made significant contributions to establishing semi-formal processes to organize and manage Usenet, then the primary channel of communication between users, and to defining the standards of behavior governing its use. Spafford initiated the Phage List as a response to the Morris Worm, one of the earliest computer worms.
Computer science at Purdue
Spafford has served on the faculty at Purdue University in Indiana since 1987, and is a full professor of computer science. He is executive director emeritus of Purdue's Center for Education and Research in Information Assurance and Security (CERIAS), and founded its predecessor, the COAST Laboratory. He has stated that his research interests have focused on "the prevention, detection, and remediation of information system failures and misuse, with an emphasis on applied information security. This has included research in fault tolerance, software testing and debugging, intrusion detection, software forensics, and security policies."
Spafford wrote or co-authored four books on computer and computer security, including Practical Unix and Internet Security for O'Reilly Media, and over 150 research papers, chapters, and monographs. In 1996, he received the Award of Distinguished Technical Communication from the Society for Technical Communication for Practical Unix and Internet Security.
As a PhD advisor, Spafford supervised development of the Open Source Tripwire tool coded by his student Gene Kim. Spafford was the chief external technical advisor to the company Tripwire during their first few years. He was also graduate advisor to Dan Farmer who coded the freeware Computer Oracle and Password System (COPS) tool.
In 2009, Spafford discussed on C-SPAN an article in The New York Times that looked at how the Internet had been a conduit for many types of cybercrime.
Recent work from Spafford has shown how to deceive adversaries and thus make computing systems more secure, drawing on his multi-disciplinary expertise in information security and psychology.
Spafford is on the board of directors of the Computing Research Association and is the former chairperson of the Association for Computing Machinery's (ACM) US Public Policy Committee. He was a member of the President's Information Technology Advisory Committee from 2003 to 2005 and an advisor to the National Science Foundation (NSF). Spaf is a Fellow of the American Association for the Advancement of Science (1999) and the American Academy of Arts and Sciences (2020).
Selected honors and awards
1996 Awarded charter membership in the Institute of Electrical and Electronics Engineers (IEEE) IEEE Computer Society's Golden Core for distinguished service to the Computer Society during its first 50 years
2000 National Institute of Standards and Technology (NIST) and National Computer Security Center (NCSC) National Computer Systems Security Award
2001 Named to the Information Systems Security Association (ISSA) Hall of Fame
2003 Awarded United States Air Force medal for Meritorious Civilian Service
2007 ACM President's Award
2009 Computing Research Association Distinguished Service Award
2013 Elected to the National Cybersecurity Hall of Fame
2017 Received the International Federation for Information Processing (IFIP) TC-11 Kristian Beckman Award
2020 IEEE Security and Privacy Symposium Test of Time Award
2022 Honorary Professor of the University of Nottingham.
[source: wikipedia]
Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world's premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases. Spaf, as he is widely known, has achieved numerous professional honors recognizing his teaching, his research, and his professional service. These include being named a fellow of the AAAS, the ACM, and the IEEE; receiving the National Computer Systems Security Award; receiving the William Hugh Murray Medal of the NCISSE; election to the ISSA Hall of Fame; and receiving the Charles Murphy Award at Purdue. He was named a CISSP, honoris causa in 2000. In addition to over 100 technical reports and articles on his research, Spaf is also the coauthor of Web Security, Privacy, and Commerce, and was the consulting editor for Computer Crime: A Crimefighters Handbook (both from O'Reilly).
[source: https--www.amazon.com.be]
Dr. Eugene Spafford is a professor with an appointment in Computer Science at Purdue University, where he has served on the faculty since 1987. He is also a professor of Philosophy (courtesy), a professor of Communication (courtesy), a professor of Electrical and Computer Engineering (courtesy) and a Professor of Political Science (courtesy). He serves on a number of advisory and editorial boards. Spafford's current research interests are primarily in the areas of information security, computer crime investigation and information ethics. He is generally recognized as one of the senior leaders in the field of computing.
Spaf (as he is known to his friends, colleagues, and students) is Executive Director Emeritus of the Purdue CERIAS (Center for Education and Research in Information Assurance and Security), and was the founder and director of the (superseded) COAST Laboratory.
Spaf is Editor-on-Chief of the Elsevier journal Computers & Security, the oldest journal in the field of information security, and the official outlet of IFIP TC-11.
A more complete account of Spaf's activities and background may be found on the "Short biography" page. You can find out about some of his recent activities by visiting his news page. A complete C.V. is also available.
[source: https--spaf.cerias.purdue.edu]
Eugene H. Spafford is one of the senior, most recognized leaders in the field of computing. His research and development work, including work with his students, underlies cyber security mechanisms in use on millions of systems in use today, including work in firewalls, intrusion detection, vulnerability scanners, integrity monitoring, forensics, and security architectures.
Professor Spafford has been honored with every significant award in cyber security, including induction into the Cyber Security Hall of Fame; every major award at Purdue University for teaching; and many major awards for distinguished service to the computing community, including the CRA Distinguished Service Award. He is one of only two people to receive all three of the National Computer Security Award, be inducted into the Cyber Security Hall of Fame, and receive the Hal Tipton Award. He is also the only person ever to be named as a Fellow of the combination of the (ISC)2, ISSA (as a Distinguished Fellow), ACM, IEEE. American Association for the Advancement of Science (AAAS), and American Academy of Arts and Sciences (AAA&S).
Spaf (as he is widely known) has established an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, including Microsoft, Intel, Tripwire, SignaCert, Unisys, the US Air Force, Sandia National Laboratory, Los Alamos National Laboratory, the National Security Agency, the GAO, the Federal Bureau of Investigation, the National Science Foundation, the Department of Justice, the Department of Energy, and the staff of two Presidents of the United States. With four decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. He is responsible for a number of "firsts" in several of these areas.
Dr. Eugene H. Spafford is a professor with primary appointment in Computer Science at Purdue University, where he has been a member of the faculty since 1987. He also has courtesy appointments as a professor of Philosophy, a professor of Communication, a professor of Electrical and Computer Engineering, and a professor of Political Science. He is the Executive Director Emeritus of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS). In 2012 he was named as one of Purdue's inaugural Morrill Professors -- the university's highest award for faculty.
Starting in 2010, Spaf became Editor-in-Chief of the Elsevier journal Computers & Security, the oldest journal in the field of information security, and the official outlet of IFIP TC-11. Prior to this appointment, he served as Academic Editor (Associate Editor) of the journal from 1998-2009.
Dr. Spafford was a past chair of the ACM's US Technology Policy Committee (formerly the US Public Policy Council) and was a member of ACM Council from 2012-2020. He is a member of Verified Voting's Board of Advisors. He is the current vice chair of ACM's Publications Ethics and Plagiarism Committee. He is (again) a member of the Board of Directors for the Computing Research Association.
Honors & Awards
General
- Named as an Honorary Professor of Computer Science at Nottingham University in the United Kingdom.
- Named to the Georgia Tech College of Computing Hall of Fame
- Elected as a Fellow of the American Academy of Arts and Sciences (AAA&S), founded in 1780.
- Named as a Sagamore of the Wabash, Indiana's highest civilian honor, in 2016.
- Presented with an inaugural Purdue University Morrill Award in 2012. This is Purdue's top award for faculty members, recognizing those have made extraordinary contributions to the land-grant mission of the university: teaching, research, and community service. Of the approximately 3000 faculty members at Purdue, only 19 (0.6%) have received this award as of January, 2019.
- Presented with a WORLDCOMP/ERSA Outstanding Achievement Award in 2011.
- Named as the 2009 recipient of the CRA Distinguished Service Award .
- Presented with the ACM President's Award in 2007. The citation was " "...for his long and effective leadership on issues of computer security and policy, professional responsibility, and the Internet." " ( Press release .)
- Presented with an honorary D.Sc. (Doctor of Science) degree from the trustees of the State University of New York in 2005 at spring commencement of the State University of New York Brockport .
In Security
- Recipient of the first ACSAC Cybersecurity Artifacts Competition Impactful System Award for his design of Tripwire. Award made in 2022; Tripwire designed in 1991.
- Co-recipient of an IEEE Symposium on Security & Privacy "Test of Time" award
- Named as one of the 2018 recipents of the ISE (c) Luminary Leadership Award
- Named as the 2017 awardee of the IFIP TC-11 Kristian Beckman Award .
- Named as the 2013 awardee of the (ISC) 2 Harold F. Tipton Lifetime Achievement Award
- Spaf was named as one of the 2013 inductees to the National Cyber Security Hall of Fame
- Awarded a SANS Lifetime Achievement Award in 2011.
- Named as a Security Visionary by "The Everything Channel" in 2010.
- Named as a Distinguished Fellow of the ISSA in 2009.
- Awarded the 2006 Outstanding Contribution Award of the ACM Special Interest Group on Security, Audit and Control.
- Awarded the 2006 Joseph J. Wasserman award of the ISACA New York Metropolitan Chapter " "... for your overall body of work and contributions to the information security profession." "
- Named by Network World as one of the " 50 Most Powerful People in Networking " (in the security group) at the end of 2006.
- Awarded the 2005 IEEE Computer Society Technical Achievement Award. The citation on the award is " For contributions to information security and digital forensics. " (Previous award winners are noted here .)
- Named to the ISSA (Information Systems Security Association) Hall of Fame in 2001 and made a Lifetime Member. In 2009 he was named as a Distinguished Fellow of the ISSA.
- Awarded status as an Honorary CISSP by the Board of Directors of the ISC2 (also a Fellow of the ISC2 as of 2008).
- 2000 NIST/NCSC (of the NSA) National Computer System Security Award recipient.
- Year 2000 Applied Computer Security Associates Distinguished Practitioner.
- Profiled by the Washington Post in 2000 as one of the most influential policy experts in information security (Security Guard on p. H5, June 19, 2000).
- Named as one of the "Five Most Influential Leaders in Information Security" by the readers of the magazine Information Security in 1999.
In Computing & Science
- Fellow of the ACM.
- Fellow of the American Association for the Advancement of Science (AAAS).
- Fellow of the IEEE.
- Charter member of the IEEE Computer Society's Golden Core.
- Elected to Upsilon Pi Epsilon.
In Education
- Awarded the Taylor L. Booth Medal in 2004 by the IEEE Computer Society for " For excellence as an educator, and for outstanding contributions to the definition, materials and practice of information security and computing."
- Named to Purdue's Book of Great Teachers in 2003.
- Awarded the Murray Founder's Medal in 2001 by the NCISSE (National Colloquium for Information Systems Security Education) for " Outstanding Contributions to Information Security Education. "
- Year 2001 recipient of the Purdue University Outstanding Undergraduate Teaching Award in Memory of Charles B. Murphy.
- Named as a Fellow of the Purdue Teaching Academy in October 2001.
- Named as the Cecil H. and Ida Green Honors Professor at Texas Christian University in 1995.
Other Awards and Recognition
- Named as a Fellow of the Ponemon Institute in 2014.
- Presented with the ACM SIGCAS Making a Difference Award in 2004. The citation on the award is " For his outstanding contribution to both the technical and public policy aspects of protecting the global cyberspace infrastructure. "
- Presented with the U.S. Air Force medal for "Meritorious Civilian Service," in recognition of his work with the USAF Scientific Advisory Board. from 1999-2003.
- Presented with the Hall of Heritage Award from the SUNY State University of New York Brockport Alumni Association.
- Presented with an IEEE Computer Society Meritorious Service Certificate in 1992 " ...for participating in the 1991 Curriculum Task Force."
- Received an Award of Distinguished Technical Communication (highest award) and Award of Merit from the Society for Technical Communications in 1996, for Practical Unix and Internet Security (2nd edition).
- Named to the the State University of New York's Alumni Honor Roll in 1995.
Professional Activities
U.S. Government
Dr. Spafford has been consulted by parts of the U.S. government, including delivering formal Congressional testimony nine times. He has contributed to 10 major amicus curiae briefs before U.S. courts, including the Supreme Court. He has acted in an advisory capacity for several agencies and commissions as detailed above.
Media
Spaf has a nearly 40-year history of being a resource for, and quoted in, news media. This has included video appearances on ABC News, CNN, Fox News, and the BBC. He has been interviewed and quoted numerous times in the NY Times, Wall St Journal, Newsweek, the Washington Post, USA Today, the Chronicle of Higher Education, Consumer Reports, Wired, and other international, national, and regional outlets.
Writing & Editing
Professor Spafford is currently on the advisory and editorial boards of the journals
- Computers & Security (formerly as the Academic/Associate Editor, now as Editor-in-Chief)
- Network Security
- International Journal on Critical Infrastructure Protection
- International Journal of Information and Computer Security
- Array
He has written extensively in the field of computer security, including coauthoring an award-winning book on UNIX Security, Practical Unix & Internet Security ( O'Reilly and Associates, 1991; 2nd edition 1996; 3rd edition 2003) and a widely-cited book on computer viruses, Computer Viruses (ADAPSO, 1989). He has also served as contributing editor to Computer Crime: A Crime-Fighters Handbook ( O'Reilly and Associates, 1995), and Web Security, Privacy and Commerce, ( O'Reilly and Associates, 1997; 2nd edition 2002). He has published well over 100 papers and reports on his research. He has also spoken internationally at panels, conferences, symposia, and colloquia on these issues.
Spaf is currently writing a book with Leigh Metcalf and Josiah Dykstra, tentatively entitled Myths and Misperceptions in Cybersecurity. It is scheduled for publication in late 2022.
Selected Memberships and Chairmanships
- Member of the US Air Force Air University Board of Visitors, 2009-2013.
- Member of the advisory board for the U.S. Naval Academy's Center for Cyber Security Studies, 2011-2021.
- Member of the National Security Advisory Board for Sandia National Laboratory, 2021-present.
- Member of the President's Information Technology Advisory Committee ( PITAC ), 2003-2005.
- Chair of the ACM's US Public Policy Committee, USACM, 1998-2014,and 2015-2015.
- One of ACM's two representatives on the Board of Directors of the Computing Research Association, 1998-2007 and 2022-2023.
- Member of the National Steering Committee of the FBI's Regional Computer Forensic Laboratory Program (RCFL) from 2003-2005.
- Member of the U.S. GAO (General Accountability Office) Executive Council on Information Management and Technology, 2003-present.
- Member (and former chair) of IFIP's TC 11 working group on network security (WG 4), and former member of WG 9 on computer forensics.
- Member of the US Air Force Scientific Advisory Board, 1999-2003; consultant in 2007 and 2008.
- Member and Fellow of the ACM, and member of ACM Council 2012-2016.
- Member and Fellow of the Computer Society of the IEEE.
- Fellow of the American Academy of Arts and Sciences, (AAA&S)
- Member and Fellow of the American Association for the Advancement of Science (AAAS).
- Member of Sigma Xi.
Professor Spafford has also served as chairman of ACM's Self-Assessment Committee and of its ISEF Awards Committee, as well as served as a charter member of the Technical Standards Committee. He was co-chair of the ACM's Advisory Committee on Security and Privacy, now defunct. He has served as a member of ACM Council (the board of directors) 2012--2020.
Over the past few years, Professor Spafford has served in an advisory or consulting capacity on information security and computer crime with several U.S. government agencies and their contractors, including the NSF's CISE division, FBI, National Security Agency, U.S. Attorney's Office, the Secret Service, and the U.S. Air Force. He has also been an advisor to several Fortune 500 companies, law firms, and state and national law enforcement agencies around the world. Spaf was a member of the Defense Science Study Group V and was a member of the science study group supporting the U.S. Government's Infosec Research Council. He is a past member of the Board of Directors of the National Colloquium on Information Systems Security Education, was a member of the board of directors of the Network Time Foundation and of the Sun User Group (now defunct).
Incident Response
Spaf has been involved with security incident response both as an educator and as a practitioner. He has served as a member of the advisory boards of both CERT/CC and the FIRST (FIRST is the Forum of Incident Response and Security Teams). He was the founder and co-director of the Purdue Computer Emergency Response Team until 2001.
At Purdue
Teaching
In 1987, Professor Spafford joined the academic faculty of the Department of Computer Science at Purdue University. At Purdue, he has taught courses in operating systems, compiler and language design, computer security, computer architecture, software engineering, networking and data communications, and issues of ethics and professional responsibility. Over the last few years Professor Spafford has been recognized with the top three awards for teaching at Purdue University.
Research
Dr. Spafford's primary research is on issues relating to information security, with a secondary interest in the reliability of computer systems, and the consequences of computer failures. In addition to work in computer and network security, this involves research into issues of computer crime, and issues of liability and professional ethics. His work in security has resulted in several oft-cited papers and a number of books, as well as the development of the COPS and Tripwire security programs for Unix --- tools used world-wide for assistance in the management of system security.
Spaf's involvement in information security led, in early 1992, to his formation at Purdue of the COAST Project and Laboratory, of which he was the director. This was an effort to develop workable security technology and practical tools. In May of 1998, Purdue University formed the Center for Education and Research in Information Assurance and Security ( CERIAS ) and appointed Spaf as its first Director. This university-wide center is addressing the broader issues of information security and information assurance, and draws on expertise and research across all of the academic disciplines at Purdue. Because of its structure, and the incorporation of the COAST group in its activities, the CERIAS is the largest and most broadly-structured academic research center in the world in its field. In 2003, Spafford was promoted to Executive Director of CERIAS, which he held until summer 2016, when he was given the title Executive Director Emeritus.
In addition to his security research, Spaf has been an active researcher with the Software Engineering Research Center ( SERC ) --- an NSF University/Industry Cooperative Research Center, located jointly at several universities including Purdue. His research in the SERC included continuing work with testing technology, including the Mothra II testing environment; and with investigation of new approaches to software debugging, including development of the Spyder debugging tool.
Dr. Spafford has also conducted research on issues relating to increasing the reliability of computer systems, and the consequences of computer failures. This includes work with distributed computing systems (the Messiahs project).
Background
Dr. Spafford received his B.A. degree with a double major in Mathematics and Computer Science from the State University of New York Brockport (1979, NY). Upon graduation, he was honored with a SUNY College President's Citation. He then attended the School of Information and Computer Science (now the College of Computing ) at Georgia Institute of Technology, holding both a Georgia Tech President's Fellowship and a National Science Foundation Graduate Fellowship.
Spaf received his M.S. in 1981, and the Ph.D. in 1986 for his design and implementation of the original Clouds reliable, distributed operating system kernel, and for his contributions as one of the original members of the Clouds design team. Next, Dr. Spafford spent a year and a half as a research scientist (postdoc) with the Software Engineering Center at Georgia Tech. His duties there included serving as a principal software engineer with the Mothra software testing project.
[source: https--spaf.cerias.purdue.edu/narrate.html]
--- Over (foto 3): Simson Garfinkel ---
Simson L. Garfinkel (born 1965) is a Program Scientist at AI2050, part of Schmidt Futures. He has held several roles across government, including a Senior Data Scientist at the Department of Homeland Security (DHS), the US Census Bureau's Senior Computer Scientist for Confidentiality and Data Access. and a computer scientist at the National Institute of Standards and Technology (2015-2017). Prior to that, he was an associate professor at the Naval Postgraduate School in Monterey, California (2006-2015). In addition to his research, Garfinkel is a journalist, an entrepreneur, and an inventor; his work is generally concerned with computer security, privacy, and information technology.
Research
Garfinkel's early research was in the field of optical storage. While he was an undergraduate at the MIT Media Laboratory, Garfinkel developed CDFS, the first file system for write-once optical disk systems. During the summer of 1987, he worked at Brown University's IRIS Project, where he developed a server allowing CDROMs to be shared over a network simultaneously by multiple workstations.
In 1991, while a senior editor at NeXTWORLD magazine, Garfinkel created an address book program for the NeXT Computer called SBook. One of SBook's most popular features was a search field that performed a full-text search of all of the records in the address book with each keypress. This kind of search is now standard on many computer programs, including Apple's Mail application and Mozilla Thunderbird. SBook was one of the first programs to incorporate this kind of search technology.
In 1995, Garfinkel moved to Martha's Vineyard and started Vineyard.NET, the Vineyard's first Internet Service Provider. Vineyard.NET was bought by Broadband2Wireless, a wireless ISP, in 2000. The company went bankrupt in September 2001, and Garfinkel bought Vineyard.NET back from the debtor's estate.
In 1998, Garfinkel founded Sandstorm Enterprises, a computer security firm that developed advanced computer forensic tools used by businesses and governments to audit their systems. Sandstorm was acquired by Niksun in 2010. Garfinkel is the inventor of six patents, mostly in the field of computer security.
In 2003, Garfinkel and Abhi Shelat published an article in IEEE Security & Privacy magazine reporting on an experiment in which they purchased 158 used hard drives from a variety of sources and checked to see whether they still contained readable data. Roughly one third of the drives appeared to have information that was highly confidential and should have been erased prior to the drive's resale.
In 2006, Garfinkel introduced cross-drive analysis, an unsupervised machine learning algorithm for automatically reconstructing social networks from hard drives and other kinds of data-carrying devices that are likely to contain pseudo-unique information.
In September 2006, Garfinkel joined the faculty of the Naval Postgraduate School (NPS) in Monterey, California, as an associate professor of Computer Science. He moved to Arlington, Virginia, in June 2010 to help NPS with its research aims in the National Capital Region. He transitioned to the National Institute of Standards and Technology in January 2015, and to the US Census Bureau in 2017.
A common theme throughout Garfinkel's research is introduction of the scientific method to digital forensics.
Education and honors
Garfinkel obtained three BS degrees from MIT in 1987; a MS in journalism from Columbia University in 1988; and a PhD in computer science from MIT in 2005. He was a postdoctoral fellow at the Center for Research on Computation and Society at Harvard University from September 2005 through August 2008. He was named a Fellow of the ACM in 2012, and a fellow of the Institute of Electrical and Electronics Engineers in 2019.
Publications
Garfinkel is the author or co-author of 16 books, and the author of more than a thousand articles. He is a contributing writer for Technology Review and has written as a freelancer for many publications including Wired magazine, The Boston Globe, Privacy Journal, and CSO Magazine. His work for CSO Magazine earned him five regional and national journalism awards, including the Jesse H. Neal Business Journalism Awards in 2003 and 2004.
Garfinkel is also the editor of The Forensics Wiki
Books
- The Computer Book: From the Abacus to Artificial Intelligence, 250 Milestones in the History of Computer Science (Sterling Milestones), by Simson L. Garfinkel and Rachel H. Grunspan. 2018 (Sterling)
- Usable Security: History, Themes, and Challenges], by Simson Garfinkel and Heather Lipford, 2014. (Morgan & Claypool, part of the Synthesis Lectures on Information Security, Privacy and Trust series.)
- Lorrie Cranor and Garfinkel, Simson (2005). Security and Usability. O'Reilly and Associates.
- Garfinkel, Simson and Beth Rosenberg (2005). RFID: Applications, Security and Privacy. Addison-Wesley.
- Garfinkel, Simson and Gene Spafford and Alan Schwartz (2003). Practical UNIX and Internet Security, 3rd Edition. O'Reilly and Associates. ISBN 978-0596003234.
- Garfinkel, Simson and Michael K. Mahoney (2002). Building Cocoa Applications: A Step by Step Guide. O'Reilly and Associates. ISBN 0-596-00235-1.
- Web Security, Privacy and Commerce, with Gene Spafford. 2001. (O'Reilly & Associates, Inc.)
- Garfinkel, Simson (2000). Database Nation; The Death of Privacy in the 21st Century. O'Reilly and Associates. ISBN 0-596-00105-3. (review by Peter G. Neumann and review by Eugene Spafford, in the RISKS Digest)
- Garfinkel, Simson (1999). Architects of the Information Society. MIT Press. ISBN 9780262071963.
- Garfinkel, Simson & Alan Schwartz (1998). Stopping Spam. O'Reilly and Associates. ISBN 1-56592-388-X. (review by Rob Slade in the RISKS Digest)
- Garfinkel, Simson with Eugene Spafford (1997). Web Security and Commerce. O'Reilly and Associates. ISBN 9781565922693.
- Garfinkel, Simson and Eugene Spafford (1996). Practical UNIX and Internet Security. O'Reilly and Associates. ISBN 1-56592-148-8. (review by Peter G. Neumann in the RISKS Digest)
- Garfinkel, Simson (1995). PGP: Pretty Good Privacy. O'Reilly and Associates. ISBN 1-56592-098-8.
- Garfinkel, Simson; Weise, Daniel; Strassman, Steven, eds. (1994). UNIX-HATERS Handbook. IDG. ISBN 1-56884-203-1.
- Garfinkel, Simson and Michael K. Mahoney (1993). NeXTStep Programming. The Electronic Library of Science. ISBN 0-387-97884-4.
- Garfinkel, Simson and Eugene Spafford (1991). Practical UNIX and Security. O'Reilly and Associates. Bibcode:1991pus..book.....G.
[source: wikipedia]
Welcome to Simson Garfinkel's personal web site.
Simson L. Garfinkel serves on the Association for Computing Machinery's U.S. Technology and Policy Committee, and on its Ethics and Plagiarism Committee. He is also a science journalist who has published hundreds of articles in newspapers and magazines, and 17 books. His research interests broadly include data science ethics, digital forensics, personal information management, counter-intelligence and counter-terrorism. (Read full bio.)
Recent Publications
- 2023-08-01 Simson Garfinkel, Jon Stewart, Sharpening Your Tools: Updating bulk_extractor for the 2020s, Communications of the ACM, August 2023
- 2023-01-01 Simson Garfinkel and Eugene H. Spafford. 2023. In Memoriam: Frederick P. Brooks, Jr. 1931-2022, Commun. ACM 65, 10 (Jan 2023), https--doi.org/10.1145/3572995
- 2022-01-24 Differential Privacy and the 2020 US Census published by the MIT Schwarzman College of Computing Case Studies series.
- 2021-10-22 AMS Notices has published The Philosophy of Differential Privacy, which I wrote with Claire McKay Bowen.
- 2021-04-13 I will be teaching GWU DATS 6450 - Data Science Ethics this fall.
- 2020-08-28 Marian S. Garfinkel (1932-2020)
- 2020-01-23 Simson's Notepaper App has been upgraded! Print your own notepaper! And new features are on the way, including integration with Apple Calendar.
- 2019-11-19 The Computer Book Talk at NSF
Recent tutorials and presentations
Note: talks with the same name may (and frequently do) have different slides
- 2020-06-15 Using Apache Spark and Differential Privacy for Protecting the Privacy of the 2020 Census Respondents, at the Spark+AI virtual conference.
- 2019-11-19 The Computer Book Talk at NSF
- 2019-07-16 PETS Keynote Address - Deploying Differential Privacy for the 2020 Census of Population and Housing (slides) (pdf)
- 2019-06-18 Mac Forensics in 90 Minutes
- 2019-05-02 Differential Privacy Concepts
- 2019-01-28 Rice Symposium on Data Privacy, discussing the 2020 Disclosure Avoidance System.
...
[source: https--simson.net/page/Main_Page]
Simson L. Garfinkel is a Computer Scientist at the National Institute of Standards and Technology's Information Technology Laboratory. Garfinkel's research interests include big data, privacy, usability, social justice, and data fusion. He holds seven US patents and has published dozens of research articles for his work in computer security and digital forensics. He is an ACM Fellow, an IEEE Senior Member, as a member of the National Association of Science Writers.
Garfinkel is the author or co-author of fourteen books on computing. He is perhaps best known for his book Database Nation: The Death of Privacy in the 21st Century. His book Practical UNIX and Internet Security (co-authored with Gene Spafford and Alan Schwartz), has sold more than 250,000 copies and been translated into more than a dozen languages since the first edition was published in 1991.
Prior earning his PhD, Garfinkel worked as a science journalist, during which time he wrote more than a thousand articles about science, technology, and technology policy in the popular press. He has won numerous national journalism awards, including the Jesse H. Neal National Business Journalism Award. Today he mostly writes for MIT's Technology Review Magazine and the technologyreview.com website.
As an entrepreneur, Garfinkel founded five companies between 1989 and 2000, including Vineyard.NET, which provided Internet service on Martha's Vineyard to more than a thousand customers from 1995 through 2005, and Sandstorm Enterprises, an early developer of computer forensic tools.
Garfinkel received three Bachelor of Science degrees from MIT in 1987, a Master's of Science in Journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005.
Awards
- 2013 Best Paper Award, "Language Translation for File Paths," DFRWS, Aug 4-7, Monterey
- 2012 Fellow, Association for Computing Machinery (certificate)
- 2011 Best Paper Award, "Forensic Carving of Network Packets and Associated Data Structures," Aug 1-3, New Orleans, LA
- 2011 Information Systems Security Association Hall of Fame
- 2011 Department of Defense Value Engineering Achievement Award, Bulk Extractor Program.
- 2010 Best Paper Award, "Bringing Science to Digital Forensics with Standardized Forensic Corpora," Aug, Monterey, Canada.
- 2005 George M. Sprowls Award for the best doctoral theses in computer science, Honorable Mention, awarded for "Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable" supervised by Robert Miller and David Clark.
- 2005 Best Regular Column, Contributed (Gold) (Northeast Region, Under 80,000 circulation), awarded by the American Society of Business Publication Editors (ASBPE), for the "Machine shop" series in CSO Magazine. (Award granted for the July and September 2004 columns.)
- 2005 Jesse H. Neal National Business Journalism Award, for Best Regularly Featured Department or Column, awarded to CSO Magazine's "Machine Shop" column, by Simson Garfinkel (edited by Elaine Cummings, designed by Chandra Tallman with Steve Traynor).
- 2004 Best Regular Column, Contributed (Gold) (National, Under 80,000), awarded by the American Association of Business Publishers and Editors (ASBPE), for the "Machine shop" series in CSO Magazine. (Award granted for the April and May 2003 columns.)
- 2004 Best Regular Column, Contributed (Gold) (East Coast Region, Under 80,000 circulation), awarded by the American Society of Business Publication Editors] (ASBPE), East Coast Region, for the "Machine Shop" series in CSO Magazine.
- 2004 Jesse H. Neal National Business Journalism Award, for Best Regularly Featured Department or Column, awarded to CSO Magazine's "Machine Shop" column, by Simson Garfinkel (edited by Elaine Cummings, designed by Chandra Tallman with Steve Traynor). (front)(back)
- 2004 Jesse H. Neal National Business Journalism Award, Grand Neal Runner-up, 2nd place, CSO Magazine, "Machine Shop."
- 2003 Best Regular Column, Contributed (Silver) (East Coast Region, Under 80,000 circulation), awarded by the American Society of Business Publication Editors], (ASBPE) for the "Machine Shop" series in CSO Magazine.
- 2002-2005 MIT Presidential Fellowship, for study in the field of Computer Science at the Massachusetts Institute of Technology Laboratory for Computer Science.
- 2000 Best COMPUTERS IN SOCIETY book, Third Annual BookBytes Awards, awarded for Database Nation: The Death of Privacy in the 21st Century.
- 1999 Best Feature Series (West Coast Region, Circulation over 80,000), awarded by the awarded by the American Society of Business Publication Editors], for the "Privacy in the Internet Age" feature series appearing in PC World Magazine.
- 1997 Award of Merit for Practical UNIX and Internet Security, International Technical Publications Competition, awarded by the Society for Technical Communication.
- 1996 Award of Distinguished Technical Communication (highest award) for Practical UNIX and Internet Security, STC Boston/NNE Technical Publications Competition, awarded by the Society for Technical Communication
- 1988 Winner of the Elisabbeta DiCagno Award "for the best investigative story on environmental protection or human rights," Columbia University Graduate School of Journalism.
Publications
...
[source: https--www.nist.gov/people/simson-garfinkel]
Dr. Simson Garfinkel is the Advising Chief Scientist for BasisTech. An internationally recognized expert in the area of digital forensics, Garfinkel's research publications include computer security, privacy, and policy issues pertaining to quantum information science. A fellow of the American Association for the Advancement of Science, the Association for Computing Machinery, and the Institute for Electrical and Electronic Engineers, Garfinkel has authored or co-authored more than 70 peer-reviewed academic articles. Previously a tenured associate professor at the Naval Postgraduate School, Garfinkel has also held technical leadership positions at the US Census Bureau and the US Department of Homeland Security.
In addition to his work as a scientist, Garfinkel writes for popular technology and business publications about topics at the intersection of science, technology and society. His most recent book, Law and Policy for the Quantum Age (co-authored with Chris Hoofnagle), explores for a non-technical audience the defense, intelligence and commercial impact of quantum information science, including quantum computing, quantum sensing, and quantum cryptography. His previous book, THE COMPUTER BOOK (co-authored with Rachel Grunspan), presents an illustrated timeline of 250 milestones in the history of computing.
[source: https--www.basistech.com/management/dr-simson-garfinkel]
Simson Garfinkel, CISSP, is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. Garfinkel is also a columnist for Technology Review Magazine and has written for more than 50 publications, including Computerworld, Forbes, and The New York Times. He is also the author of Database Nation; Web Security, Privacy, and Commerce; PGP: Pretty Good Privacy; and seven other books. Garfinkel earned a master's degree in journalism at Columbia University in 1988 and holds three undergraduate degrees from MIT. He is currently working on his doctorate at MIT's Laboratory for Computer Science.
[source: https--www.amazon.com.be]
Simson Garfinkel is a postdoctoral fellow at the Center for Research on Computers and Society at Harvard University's department of Electrical Engineering and Computer Science. He came to Harvard after completing his Ph.D. in Computer Security at MIT's Computer Science and Artificial Intelligence Laboratory, where he studied computer security, usability, and forensics. Garfinkel is also the founder of Sandstorm Enterprises, Inc., a supplier of computer security auditing tools. Garfinkel writes a monthly column on computer security for CSO Magazine, for which he has received the 2004 and 2005 Neal Business Journalism award. This is Garfinkel's 14th book; he doesn't have any free time.
[source: https--www.eyrolles.com/Accueil/Auteur/simson-garfinkel-158]
Numéro de l'annonce: m2016323986
Mots-clés populaires
Informatique, Ordinateur dans Livresedition hemma dans Livresedition soleil dans Livresédition erasme dans Livresedition time life dans Livresasterix edition dans Livresedition dupuis dans Livresedition erasme dans Livresedition originale bd dans Livresenglish file third edition dans Livresedition atlas dans Livresedition dunod dans Livresedition grund dans Livreslivres informatique dans Livresedition boeck dans Livrespeugeot 307 cabriolet dans Autoscob belgique dans Timbres & Monnaiesgplmoteur peugeot 103 dans Vélos & Vélomoteursterrain floreffe