IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
S 4.9 Use of the security mechanisms of X Windows
Initiation responsibility: IT Security Management, Administrators
Implementation responsibility: Administrators
Release 5 of the X Window software offers only a few features enhancing
security in case of data transmission between the X server and the X client;
hence use of X Windows software can only be recommended for secure
environments.
- Computer-specific access control: Each X server comprises a list of
approved computers, which can be altered with the xhost command. It is
essential that this is confined to those computers which really need access
to the X server; under no circumstances should universal access with
xhost + be allowed. This can be achieved by explicitly entering computers
in the xhost table. Moreover, it should be borne in mind that every user has
unrestricted access to the X server on one of the computers that have been
approved. This type of access control can therefore only be recommended
when there are compelling reasons as to why none of the security
mechanisms listed below can be used.
- User-specific access control: The X server process can be configured in
such a way that in case of a log-in (e.g. by means of xdm) a key will be
generated which will be used for authentication for transmission between a
client and a server. This key (MAGIC COOKIE) is filed in the home directory
of the user in the .Xauthority file and can, by means of the xauth command,
also be transmitted to the X client. Whilst, however, the MIT MAGIC COOKIE
mechanism must be regarded only as a type of password which can be
intercepted during transmission, a mechanism offered in conjunction with
NIS and working with a form of DES encryption offers greater security and
should therefore be used wherever possible.
- Access control via Secure Shell: communication between X client and X
server can also take place over a protected channel of an ssh connection
(see also S 5.64 Use of Secure Shell). The result is both a computer-based
and also a user-based access control system. The authentication and user
data is encrypted. If X Windows is to be securely operated, the use of
Secure Shell is therefore recommended.
It is possible for keyboard inputs at a remote terminal to be translated into
plain text and viewed under X Windows with an additional program. When
using the xterm program forwarding of keyboard inputs by suppressing
transmission of KeyPress events to other applications can be prevented. To
ensure that only the corresponding window has access to the keyboard, the
secure keyboard option must be enabled from the xterm menu.
Additional controls:
- Are steps taken to prevent users from disabling the computer-specific
access control system via the command xhost +?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
xhost command
MIT-MAGIC-COOKIE
NIS authentication
DMA channel
Eavesdropping of
keyboard inputs