 | 会員なら、この商品は10%Amazonポイント還元 (ポイントが表示されている場合は、表示ポイント+10%還元)。 |
商品の説明
内容紹介
The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. This best-known and most respected security-related extension to Linux embodies the key advances of the security field. Better yet, SELinux is available in widespread and popular distributions of the Linux operating system--including for Debian, Fedora, Gentoo, Red Hat Enterprise Linux, and SUSE--all of it free and open source.
SELinux emerged from research by the National Security Agency and implements classic strong-security measures such as role-based access controls, mandatory access controls, and fine-grained transitions and privilege escalation following the principle of least privilege. It compensates for the inevitable buffer overflows and other weaknesses in applications by isolating them and preventing flaws in one application from spreading to others. The scenarios that cause the most cyber-damage these days--when someone gets a toe-hold on a computer through a vulnerability in a local networked application, such as a Web server, and parlays that toe-hold into pervasive control over the computer system--are prevented on a properly administered SELinux system.
The key, of course, lies in the words "properly administered." A system administrator for SELinux needs a wide range of knowledge, such as the principles behind the system, how to assign different privileges to different groups of users, how to change policies to accommodate new software, and how to log and track what is going on. And this is where SELinux is invaluable. Author Bill McCarty, a security consultant who has briefed numerous government agencies, incorporates his intensive research into SELinux into this small but information-packed book. Topics include: A readable and concrete explanation of SELinux concepts and the SELinux security model Installation instructions for numerous distributions Basic system and user administration A detailed dissection of the SELinux policy language Examples and guidelines for altering and adding policies With "SELinux," a high-security computer is within reach of any system administrator. If you want an effective means of securing your Linux system--and who doesn't?--this book provides the means.
著者について
Bill McCarty is associate professor of management information systems in the School of Business and Management of Azusa Pacific University, Azusa, California, and was previously associate professor of computer science, in which capacity he taught for ten years in Azusa Pacific's Master of Applied Computer Science program. Bill holds a Ph.D. in the management of information systems from the Claremont Graduate University, Claremont, California, and worked for 15 years as a software developer and manager.
登録情報
|
カスタマーレビュー
Amazon.com で最も参考になったカスタマーレビュー (beta)
Amazon.com:
5つ星のうち 4.1
11件のカスタマーレビュー
19 人中、19人の方が、「このレビューが参考になった」と投票しています。
5つ星のうち 3.0
Good Introduction but lacks advanced, how-to information.
2005/4/8
By J. Huckaby
- (Amazon.com)
形式:ペーパーバック
Personally, I prefer books to focus either concepts or detailed implementation instructions not both. For complex topics like SELinux, you typically cannot fit the conceptual and pragmatic within one book. McCarty's SELINUX is no exception. SELINUX provides an excellent overview of concepts but struggles with policy implementation methods and procedures. I suspect the topic is simply too large for one volume. What implementation advice presented is clear and concise but you will have to search elsewhere for more detailed deployment advice.
Despite these issues, this book is recommended reading for anyone considering implementing SELinux. The conceptual overview is some of the best I've seen since SELinux got its start. Using charts, diagrams and examples, McCarty presents an excellent overview of the nuts and bolts of SELinux. Understanding the principles of Role-Based Access Control, Type Enforcement, and Security Objects is critical to both using SELinux and justifying its use. The latter may be a bigger hurdle than many anticipate. The chapters on these areas will arm you with sufficient understanding to make a clear case of why SELinux can and should be implemented in many Linux-based computing environments.
While there are brief examples throughout, the book's third chapter on SELinux installation presents a well-documented, step-by-step guide to installing SELinux. If you've never installed SELinux, these sections will prove very valuable. With clearly numbered steps and command line examples, you can have SELinux installed and configured with a default policy within an hour.
As a mix between the pragmatic and conceptual, SELINUX is a good start on this topic. Entry level SELinux users will probably not learn too much from this book, but if your are looking for a introduction to SELinux concepts along with some pragmatic advice for getting started, then this book may be for you.
Despite these issues, this book is recommended reading for anyone considering implementing SELinux. The conceptual overview is some of the best I've seen since SELinux got its start. Using charts, diagrams and examples, McCarty presents an excellent overview of the nuts and bolts of SELinux. Understanding the principles of Role-Based Access Control, Type Enforcement, and Security Objects is critical to both using SELinux and justifying its use. The latter may be a bigger hurdle than many anticipate. The chapters on these areas will arm you with sufficient understanding to make a clear case of why SELinux can and should be implemented in many Linux-based computing environments.
While there are brief examples throughout, the book's third chapter on SELinux installation presents a well-documented, step-by-step guide to installing SELinux. If you've never installed SELinux, these sections will prove very valuable. With clearly numbered steps and command line examples, you can have SELinux installed and configured with a default policy within an hour.
As a mix between the pragmatic and conceptual, SELINUX is a good start on this topic. Entry level SELinux users will probably not learn too much from this book, but if your are looking for a introduction to SELinux concepts along with some pragmatic advice for getting started, then this book may be for you.
8 人中、8人の方が、「このレビューが参考になった」と投票しています。
5つ星のうち 4.0
vastly improved implementation
2005/3/13
By W Boudville
- (Amazon.com)
形式:ペーパーバック
Selinux is a conscious attempt to fundamentally rework and improve linux security. Previously, or more to the point, in most current linux machines, the security was somewhat of an ad hoc approach. This is mitigated by a formidable array of open source IDS tools like Ethereal and Snort that let a sysadmin often successfully depend her network and machines.
But as the frequency and virulence of malware attacks has increased, the Selinux of this book may be a timely reinforcing of the operating system. As McCarty explains, this book is geared towards a sysadmin, as opposed to a programmer. It discusses the new things you should know. Especially the concepts of role based access model and of domains. The former has shades of DEC's VMS, which had a very mature implementation. Or those of you with mainframe experience may also recognise familiar ideas.
Programmers may find the book a little sparse, as mentioned above. But possibly McCarty is devising a sequel for them.
But as the frequency and virulence of malware attacks has increased, the Selinux of this book may be a timely reinforcing of the operating system. As McCarty explains, this book is geared towards a sysadmin, as opposed to a programmer. It discusses the new things you should know. Especially the concepts of role based access model and of domains. The former has shades of DEC's VMS, which had a very mature implementation. Or those of you with mainframe experience may also recognise familiar ideas.
Programmers may find the book a little sparse, as mentioned above. But possibly McCarty is devising a sequel for them.
7 人中、7人の方が、「このレビューが参考になった」と投票しています。
5つ星のうち 5.0
Every Linux person could use this book
2004/12/13
By S. Thomas Adelstein
- (Amazon.com)
形式:ペーパーバック
Bill McCarty has done a top notch job of explaining Security Enhanced Linux as well as the security model itself. I've attempted so many time to "get it" about SELinux and not until I read this book did it make sense.
Bill's organization of the material makes a huge difference. He breaks the subject down into easily understandable chunks. The reader can follow the simple road until everything makes sense. And, SE Linux does make sense. It should be implemented everywhere.
Another thing compelled me to get this book -- it's size. This is a relatively small book. I remember thinking that I could read it without spending two weeks in a study mode. I was right about that. I read it in quick order.
I especially like O'Reilly books. I aslo like Bill's editor, Andy Oram. With the two of them collaborating, you're going to get an interesting book, topics that flow well and a professional product worth much more than the list price.
I'm glad I found this book. I want to congratulate all parties involved for creating an excellent product. I also want to say thank you for enabling me to work with Security Enhanced Linux.
Bill's organization of the material makes a huge difference. He breaks the subject down into easily understandable chunks. The reader can follow the simple road until everything makes sense. And, SE Linux does make sense. It should be implemented everywhere.
Another thing compelled me to get this book -- it's size. This is a relatively small book. I remember thinking that I could read it without spending two weeks in a study mode. I was right about that. I read it in quick order.
I especially like O'Reilly books. I aslo like Bill's editor, Andy Oram. With the two of them collaborating, you're going to get an interesting book, topics that flow well and a professional product worth much more than the list price.
I'm glad I found this book. I want to congratulate all parties involved for creating an excellent product. I also want to say thank you for enabling me to work with Security Enhanced Linux.
›
Amazon.comのカスタマーレビューを見る(11)
5つ星のうち 4.1
これらのレビューは参考になりましたか?
ご意見はクチコミでお聞かせください。
リストマニア
関連商品を探す
- 洋書 > Computers & Internet > Business & Culture
- 洋書 > Computers & Internet > Certification Central
- 洋書 > Computers & Internet > Computer Science
- 洋書 > Computers & Internet > Networking
- 洋書 > Computers & Internet > Operating Systems > Linux
- 洋書 > Computers & Internet > Operating Systems > Unix
- 洋書 > Computers & Internet > Programming
- 洋書 > Computers & Internet > Security & Encryption
- 洋書 > Computers & Internet > Software
- 洋書 > O'Reilly > Internet Security
- 洋書 > O'Reilly > Programming > General
- 洋書 > O'Reilly > Unix & Linux > General
- 洋書 > O'Reilly > Unix & Linux > Linux
- 洋書 > Special Features > all foreign books
フィードバック
- カタログ情報、または画像について報告
- 著者からのコメント
- 出版社からのコメント
|
