Managing System Security (Overview)
Keeping a system's information secure is an important system administration responsibility. This chapter provides overview information about managing system security at the file, system, and network level.
Controlling Access to a Computer System
At the file level, the SunOS operating system provides some standard security features that you can use to protect files, directories, and devices. At the system and network levels, the security issues are mostly the same. In the workplace, a number of systems that are connected to a server can be thought of as one large multifaceted system. The system administrator is responsible for the security of this larger system or network. Not only is it important to defend the network from outsiders who are trying to gain access to the network, but it is also important to ensure the integrity of the data on the systems within the network.
The first line of security defense is to control access to your system. You can control and monitor system access by doing the following:
Maintaining physical site security
Maintaining login control
Restricting access to data in files
Maintaining network control
Monitoring system usage
Setting the path variable correctly
Securing files
Installing a firewall
Reporting security problems
Maintaining Physical Site Security
To control access to your system, you must maintain the physical security of your computing environment. For instance, if a system is logged in and left unattended, anyone who can use that system can gain access to the operating system and the network. You need to be aware of your computer's surroundings and physically protect it from unauthorized access.
Maintaining Login Control
You must also restrict unauthorized logins to a system or the network, which you can do through password and login control. All accounts on a system should have a password. An account without a password makes your entire network accessible to anyone who can guess a user name.
Solaris software restricts control of certain system devices to the user login account. Only a process that is running as superuser or console user can access a system mouse, keyboard, frame buffer, or audio device unless the /etc/logindevperm file is edited. For more information, see logindevperm(4).
Restricting Access to Data in Files
After you have established login restrictions, you can control access to the data on your system. You might want to allow some users to read some files, and give other users permission to change or delete some files. You might have some data that you do not want anyone else to see. Chapter 15, Securing Files (Tasks) discusses how to set file permissions.
Maintaining Network Control
Computers are often part of a configuration of systems called a network. A network allows connected systems to exchange information and access data and other resources that are available from systems connected to the network. Networking has created a powerful and sophisticated way of computing. However, networking has also jeopardized computer security.
For instance, within a network of computers, individual systems are left open to allow information to be shared. Also, because many people have access to the network, there is more opportunity for unwanted access, especially through user error (for example, through poor use of passwords).
Monitoring System Usage
As system administrator, you need to monitor system activity, being aware of all aspects of your systems, including the following:
What is the normal load?
Who has access to the system?
When do individuals access the system?
With this kind of knowledge, you can use the available tools to audit system use and monitor the activities of individual users. Monitoring is very useful when there is a suspected breach in security.
Setting the Correct Path
It is important to set your path variable correctly. Otherwise, you can accidentally run a program that was introduced by someone else that harms your data or your system. This kind of program, which creates a security hazard, is referred to as a "Trojan horse." For example, a substitute su program could be placed in a public directory where you, as system administrator, might run it. Such a script would look just like the regular su command. Since the script removes itself after execution, it is hard to tell that you have actually run a Trojan horse.
The path variable is automatically set at login time through the startup files: .login, .profile, and .cshrc. Setting up the user search path so that the current directory (.) comes last prevents you or your users from running this type of Trojan horse. The path variable for superuser should not include the current directory at all. The Automated Security Enhancement Tool (ASET) examines the startup files to ensure that the path variable is set up correctly and that it does not contain a dot (.) entry.
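The dot-entry check described above, written out as an added example (not part of the Solaris guide or of ASET itself); the function names classify_path and audit_profile, the SAMPLE_PROFILE file and the root/user policy split are assumptions of this example:

```shell
# Added example, not from the Solaris guide: an ASET-style check that a
# search path cannot hand control to a Trojan horse (such as a fake "su")
# planted in the current directory. Assumed names: classify_path,
# audit_profile, SAMPLE_PROFILE. Only unindented sh-style "PATH=" lines are
# parsed; csh "set path=(...)" lines in .cshrc/.login are not handled.

# classify_path VALUE -> prints none (no current-directory entry; the only
# acceptable state for root), last ("." is the final entry; tolerable for
# users) or early ("." precedes a real directory, so a planted program shadows
# the genuine one). An empty entry (":" at either end, or "::") also means ".".
classify_path() {
    rest="$1:"          # trailing ":" lets the loop consume the last entry
    total=0; dotpos=0
    while [ -n "$rest" ]; do
        elem=${rest%%:*}; rest=${rest#*:}
        total=$((total + 1))
        if [ "$dotpos" -eq 0 ] && { [ -z "$elem" ] || [ "$elem" = . ]; }; then
            dotpos=$total
        fi
    done
    if [ "$dotpos" -eq 0 ]; then echo none
    elif [ "$dotpos" -eq "$total" ]; then echo last
    else echo early
    fi
}

# audit_profile FILE root|user -> status 0 if every PATH= assignment in
# FILE is acceptable for that account class, 1 (plus a message) otherwise
audit_profile() {
    status=0
    while read -r line; do
        case "$line" in
            PATH=*|"export PATH="*) ;;
            *) continue ;;
        esac
        value=${line#*=}; value=${value%%;*}     # strip "PATH=" and "; export PATH"
        value=${value#\"}; value=${value%\"}      # strip surrounding quotes
        case "$2:$(classify_path "$value")" in
            root:none|user:none|user:last) ;;
            *) echo "$1: unsafe PATH for $2: $value"; status=1 ;;
        esac
    done < "$1"
    return "$status"
}

# Constructed sample .profile (not a real system file): "." last passes for a user but must be rejected for root.
SAMPLE_PROFILE=$(mktemp)
printf 'PATH=/usr/sbin:/usr/bin:.\nexport PATH\n' > "$SAMPLE_PROFILE"
audit_profile "$SAMPLE_PROFILE" user && echo "user profile accepted"
audit_profile "$SAMPLE_PROFILE" root || echo "root profile rejected"
```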
Securing Files
Since the SunOS operating system is a multiuser system, file system security is the most basic, and most important, security concern on a system. You can use either the traditional UNIX file protection or the more secure access control lists (ACLs) to protect your files.
Also, many executable programs have to be run as root (that is, as superuser) to work properly. These executables run with the user ID set to 0 (setuid=0). Anyone who is running these programs runs them with the root ID, which creates a potential security problem if the programs are not written with security in mind.
Except for the executables that are shipped with the setuid bit set to root, you should disallow the use of setuid programs, or at least restrict them and keep them to a minimum.
Installing a Firewall
Another way to protect your network is to use a firewall or secure gateway system. A firewall is a dedicated system that separates two networks, each of which treats the other as untrusted. You should consider this setup mandatory between your internal network and any external networks, such as the Internet, with which you want internal network users to communicate.
A firewall can also be useful between some internal networks. For example, the firewall or secure gateway computer will not send a packet between two networks unless the gateway computer is the origin or the destination address of the packet. A firewall should also be set up to forward packets for particular protocols only. For example, you can allow packets for transferring mail, but not those packets for the telnet or rlogin command. ASET, when run at high security, disables the forwarding of Internet Protocol (IP) packets.
Reporting Security Problems
If you experience a suspected security breach, you can contact the Computer Emergency Response Team/Coordination Center (CERT/CC). CERT/CC is a Defense Advanced Research Projects Agency (DARPA) funded project that is located at the Software Engineering Institute at Carnegie Mellon University. This agency can assist you with any security problems you are having. This agency can also direct you to other Computer Emergency Response Teams that might be more appropriate for your particular needs. You can call CERT/CC at its 24-hour hotline: (412) 268-7090, or contact the team by email at cert@cert.sei.cmu.edu.