David A. Curry is a technically sophisticated, business-savvy information security professional with over 25 years of cross-industry experience in diverse security, privacy, and systems roles including security and privacy governance, risk management and analysis, legal and regulatory compliance, security incident response, professional services, software design, systems programming, and systems administration. He has held multiple senior-level positions with responsibility for envisioning, implementing, and maintaining the major components of information security programs, including policies and standards, risk management methodologies, training and awareness programs, legal and regulatory compliance, third party vendor security management, and security incident management.

Prior to his specialization in information security governance, David spent over ten years as a UNIX and TCP/IP systems programmer and systems administrator in the university/research sector. Some of the software he developed during that time is still in use today. He also spent five years in the professional security services field, where he worked with many cutting-edge security technologies and applications that are taken for granted today. He was a founding member of the world’s first commercial computer security incident response service, and the principal designer of the world’s first commercial real-time intrusion detection monitoring service. He is also the author of three successful technical books: two on the topic of UNIX systems programming, and one on UNIX system security.

David’s varied background gives him a unique ability to examine problems from both the “business” and “technical” perspectives and devise an appropriate solution that meets the requirements of all stakeholders—business and information technology. He believes that one of the most important characteristics of any information security program is that it must support the business goals of the company and enable work to get done in a time- and cost-effective manner. David’s background has also allowed him to develop oral and written presentation skills suitable for any audience—technical, non-technical, or executive—an ability which is demonstrated by his selection as one of the top-five presenters at the Information Security Forum’s worldwide conference four years in a row.

David holds a Bachelor’s degree in Computer Science from Purdue University and is a Certified Information Systems Security Professional (CISSP).

Because the UNIX system was originally designed by programmers for use by other programmers, it was used in an environment of open cooperation where security was of minimal concern. Now that its use has spread to universities, businesses, and government, the confidential and sensitive nature of the data stored on UNIX systems has made the security of these systems of paramount importance.

Despite all the technical papers and workshops on UNIX security, this book is unique. "UNIX System Security" is the first up-to-date source to provide the UNIX system user or administrator with the information needed to protect the data and system from unauthorized use. By following the procedures described in this book and making use of the C programs and shell scripts provided as examples, you can protect your UNIX system from most attackers.

The author begins by examining four high-profile breaches of UNIX security as illustrations of how a UNIX system can be attacked. He then provides the information necessary to protect against these forms of attack, and offers the tools that can be used to do so. Focusing on the most recent release of Berkeley and System V UNIX, and such vendor derivatives as SunOS and ULTRIX, the book gives information that can be applied to any version of UNIX since Seventh Edition.

Issues discussed include account and password security, securing the file system, encryption and authentication systems, TCP/IP network security, the Network Information Service (NIS), NFS, RFS, workstation security, terminals and modems, and UUCP. Other chapters describe how to respond if your system is attacked and how to develop a comprehensive security policy for your organization. The book also gives comprehensive lists of freely available security software, and publications and mailing lists dealing with UNIX security.