Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Unix</strong> Security<br />
- exported filesystems and access to files<br />
/etc/exports<br />
/etc/netgroup<br />
- equivalent password data bases<br />
/etc/hosts.equiv<br />
- each node is in an administrative domain<br />
- control root and security on every node<br />
- consistent user name, uid and gid among nodes<br />
% rcp node2:/etc/passwd /tmp/passwd2<br />
% awk -F: '(printf "%s %s %s\n", $1, $3, $4)' \<br />
/tmp/passwd2 > /tmp/node2<br />
% awk -F: '(printf "%s %s %s\n", $1, $3, $4)' \<br />
/etc/passwd> /tmp/node1<br />
% diff /tmp/node2 /tmp/node1<br />
- permission settings on network control files<br />
/etc/networks<br />
/etc/hosts<br />
/etc/hosts.equiv<br />
/etc/services<br />
/etc/exports<br />
/etc/protocols<br />
/etc/netgroup<br />
/etc/inetd.conf<br />
Perspective on Security<br />
Access controls and auditing to prevent unauthorized access attempts (reading, modifying, deleting).<br />
Threats to computer security:<br />
- simple electronic intrusion<br />
- trust of authorized personnel<br />
- physical intrusion<br />
- persistent espionage by expert agents<br />
- tapping of communication lines<br />
physical security - locked doors, guards, alarms<br />
logical security - passwords, file permissions, audits<br />
Weak Points:<br />
- computers, networks, users, administrators<br />
Checklist on computer security:<br />
- who has access to passwords<br />
- remote access authorization<br />
- system administrator monitoring<br />
- assume worst about sensitive files<br />
- user responsibility for own actions<br />
Security packages:<br />
- repeated login attempts<br />
- monitor files requests<br />
Security for Users<br />
- Password security - /etc/passwd<br />
- File Permissions - directory, umask<br />
- Set User Id & Group ID<br />
205