|Previous||Table of Contents||Next|
Computers are often part of a configuration of systems called a network. A network enables connected systems to exchange information and access data and other resources that are available from systems connected to the network. Networking has created a powerful and sophisticated way of computing. However, networking introduces the opportunity for breaches in computer security.
For example, within a network of computers, individual systems are open to enable sharing of information. Because many people have access to the network, the opportunity for unwanted access is increased, especially through user error, such as a poor choice of passwords.
Be aware of all aspects of the systems that are your responsibility, including the following:
Use the available tools to audit system use and monitor the activities of individual users. Monitoring is useful when you suspect a breach in security.
Path variables are important. They can prevent users from accidentally running a program introduced by someone else that harms data on a system. A program that creates a security hazard is referred to as a Trojan horse. For example, a substitute switch user (su) program could be placed in a public directory where you, as system administrator, might run it. Such a script would look like the regular su command that you use to gain superuser access. Because it removes itself after execution, it is difficult to tell that you have actually run a Trojan horse.
The path variable is automatically set at login time through the .login, .profile, and .cshrc startup files. Setting up the user search path so that the current directory (.) comes last prevents you or your users from running this type of Trojan horse. Never include a publicly writable directory in root's search path. The path variable for superuser should not include the current directory at all. The ASET utility examines the startup files to ensure that the path variable is set up correctly and that it does not contain a dot (.) entry. For more information about ASET, see Chapter 20, Using the Automated Security Enhancement Tool (ASET).
Many executable programs must be run as root or superuser to work properly. These executables run with the UID set to 0 (setuid=0). Anyone running these programs runs them with the root ID, which creates a potential security problem if the programs are not written with security in mind.
You should not allow the use of setuid programs except for executables shipped with setuid to root. At the least, you should restrict and keep these programs to a minimum.
Another way to protect your network is to use a firewall or secure gateway system. A firewall is a dedicated system that separates two networks, each of which approaches the other as untrusted. Consider a firewall setup as mandatory between your internal network and any external networks, such as the Internet, with which you want internal network users to communicate.
A firewall can also be useful between some internal networks. For example, the firewall or secure gateway computer does not send a packet between two networks unless the gateway computer is the origin or the destination address of the packet. Set up a firewall to forward packets for particular protocols only. For example, you may allow packets for transferring mail, but not for telnet or rlogin. The ASET utility, when run at high security, disables the forwarding of Internet Protocol (IP) packets. For more information about ASET, see Chapter 20.
If you experience a suspected security breach, you can contact the Computer Emergency Response Team/Coordination Center (CERT/CC), which is a Defense Advanced Research Projects Agency (DARPA) funded project located at the Software Engineering Institute at Carnegie Mellon University. It can assist you with any security problems you are having. It can also direct you to other CERTs that may be more appropriate for your particular needs. You can contact them in the following ways:
All of the users logged into the SunOS 5.x operating system can read and use files belonging to one another as long as they have permission to do so. UNIX file security is based on a combination of user classes and file and directory permissions, as described briefly in the following sections.
NOTE: In most cases, you can keep sensitive files in an inaccessible directory (700 mode) and make the file unreadable by others (600 mode). However, anyone who guesses your password or has access to the root password can read and write to that file. In addition, the sensitive file is preserved on backup tapes every time you back up the system.
All Solaris 2.x system software users in the United States have an additional layer of security available—the optional file encryption kit. The encryption kit includes the crypt command, which scrambles the data to disguise the text.
In addition to basic UNIX file security, you can implement Access Control Lists (ACLs, pronounced ackkls) to provide greater control over file permissions. For more information about ACLs, see Access Control Lists (ACLs) on page 406
Each UNIX file has three classes of users:
Only the owner of the file or root can assign or modify file permissions
|Previous||Table of Contents||Next|