Sun Microsystems, Inc.
14. Managing System Security (Overview)
Tracking Superuser (Root) Login

Your system requires a root password for superuser mode. In the default configuration, a user cannot remotely log in to a system as root. A user who logs in remotely must log in under his or her own account and then use the su command to become root. This setup ties every acquisition of superuser privilege to a named user account, which enables you to track who is using superuser privileges on your system.

Monitoring Who is Becoming Superuser or Other Users

You use the su command to change to another user, for example to become superuser. For security reasons, you can monitor who has been using the su command, and in particular which users are attempting to gain superuser access, including attempts that fail.

For detailed instructions, see "How to Monitor Who Is Using the su Command".
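The two checks described above, as an added example that is not part of the Sun guide: confirm that root login is confined to the console, and summarize su-to-root activity from a sulog-format file. The script assumes the Solaris conventions that /etc/default/login restricts root with a CONSOLE=/dev/console line and that su appends one line per attempt to the file named by SULOG in /etc/default/su (by default /var/adm/sulog). Both input files below are constructed samples so that the script runs offline; the names login.defaults and sulog are placeholders for the real files.

```shell
#!/bin/sh
# Added example (not from the Sun guide): check that remote root login is
# disabled and summarize su-to-root activity from a sulog-format file.
#
# Assumed sulog line format (Solaris /var/adm/sulog):
#   SU MM/DD HH:MM + tty from-to     (+ = success, - = failure)
# The files below are constructed samples, not real data.

TRACK="${TMPDIR:-/tmp}/sutrack.$$"
mkdir -p "$TRACK"

cat > "$TRACK/login.defaults" <<'EOF'
# constructed /etc/default/login: root may log in only on the console
CONSOLE=/dev/console
PASSREQ=YES
EOF

cat > "$TRACK/login.defaults.open" <<'EOF'
# constructed /etc/default/login with the CONSOLE restriction commented out
#CONSOLE=/dev/console
PASSREQ=YES
EOF

cat > "$TRACK/sulog" <<'EOF'
SU 03/12 08:01 + console root-root
SU 03/12 09:15 + pts/2 jdoe-root
SU 03/12 09:20 - pts/3 mallory-root
SU 03/12 09:21 - pts/3 mallory-root
SU 03/12 09:22 - pts/3 mallory-root
SU 03/12 10:05 + pts/4 jdoe-oracle
SU 03/12 11:40 + pts/5 asmith-root
EOF

# root_login_restricted FILE: exit 0 when FILE has an active CONSOLE= line,
# i.e. root may log in only on the named console device.
root_login_restricted() {
    grep -q '^CONSOLE=' "$1"
}

# su_to_root FILE: one line "status user tty" per su attempt targeting root.
# Field 6 is "from-to"; the split on "-" yields the originating user.
su_to_root() {
    awk '$1 == "SU" && $6 ~ /-root$/ {
            split($6, p, "-"); print $4, p[1], $5
         }' "$1"
}

# failed_su_to_root_counts FILE: failed su-to-root attempts per user,
# most frequent first ("count user"). Repeated failures from one user
# are the pattern worth investigating.
failed_su_to_root_counts() {
    awk '$1 == "SU" && $4 == "-" && $6 ~ /-root$/ {
            split($6, p, "-"); n[p[1]]++
         }
         END { for (u in n) print n[u], u }' "$1" | sort -rn
}

if root_login_restricted "$TRACK/login.defaults"; then
    echo "root login: restricted to console"
else
    echo "root login: NOT restricted"
fi
echo "su attempts targeting root (status user tty):"
su_to_root "$TRACK/sulog"
echo "failed su-to-root attempts by user:"
failed_su_to_root_counts "$TRACK/sulog"
```

Run against the real files by pointing the functions at /etc/default/login and /var/adm/sulog; the sample log deliberately contains three consecutive failures from one user, which is what the failed-attempt count is meant to surface.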

Network Security

Networked systems are more useful the more freely they can be accessed across the network. However, free access and the sharing of data and resources create security problems. Network security is usually based on limiting or blocking operations from remote systems. The following figure describes the security restrictions that you can impose on remote operations.

Figure 14-1 Security Restrictions for Remote Operations

Firewall Systems

You can set up a firewall system to protect the resources in your network from outside access. A firewall system is a secure host that acts as a barrier between your internal network and outside networks.

The firewall has two functions. The firewall acts as a gateway that passes data between the networks, and it acts as a barrier that blocks the free passage of data to and from the network. The firewall requires a user on the internal network to log in to the firewall system to access hosts on remote networks. Similarly, a user on an outside network must log in to the firewall system before being granted access to a host on the internal network.

In addition, all electronic mail that is sent from the internal network is sent to the firewall system for transfer to a host on an external network. The firewall system receives all incoming electronic mail, and distributes it to the hosts on the internal network.


Caution - A firewall prevents unauthorized users from accessing the hosts on your network. Security on the firewall itself must be strict and rigidly enforced, because an intruder who breaks into the firewall system gains a path to every other host on the internal network. Security on the other hosts can be more relaxed, but only for as long as the firewall holds.


A firewall system should not have any trusted hosts. A trusted host is a host from which a user can log in without being required to type in a password. A firewall system should not share any of its file systems, or mount any file systems from other servers.

ASET can be used to make a system into a firewall, and to enforce high security on a firewall system, as described in Chapter 20, Using the Automated Security Enhancement Tool (Tasks).
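An added example, not from the Sun guide, that audits a prospective firewall host for the three conditions the text forbids: trusted-host entries, shared file systems, and file systems mounted from other servers. It assumes the Solaris conventions that trusted hosts are granted by /etc/hosts.equiv and per-user .rhosts files (one "host [user]" entry per line, a bare "+" meaning any host, a leading "-" denying a host), that exports are the uncommented share lines of /etc/dfs/dfstab, and that remote mounts are the /etc/vfstab lines whose FS type is nfs. The four input files are constructed samples with placeholder host names; each deliberately violates one rule so the audit has something to report.

```shell
#!/bin/sh
# Added example (not from the Sun guide): audit a would-be firewall host for
# trusted-host entries, exported file systems and NFS mounts from elsewhere.
# All input files below are constructed samples.

AUDIT="${TMPDIR:-/tmp}/fwaudit.$$"
mkdir -p "$AUDIT"

cat > "$AUDIT/hosts.equiv" <<'EOF'
# constructed /etc/hosts.equiv
+
build.example.com
-badhost.example.com
EOF

cat > "$AUDIT/dot.rhosts" <<'EOF'
# constructed ~root/.rhosts
admin-ws.example.com jdoe
EOF

cat > "$AUDIT/dfstab" <<'EOF'
#       Place share(1M) commands here for automatic execution
#       on entering init state 3.
share -F nfs -o ro /export/docs
EOF

cat > "$AUDIT/vfstab" <<'EOF'
#device            device             mount    FS    fsck  mount    mount
#to mount          to fsck            point    type  pass  at boot  options
/dev/dsk/c0t0d0s0  /dev/rdsk/c0t0d0s0 /        ufs   1     no       -
fileserv:/export/home -               /home    nfs   -     yes      -
EOF

# active_entries FILE: the non-blank, non-comment lines of FILE.
active_entries() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$'
}

# trusted_host_entries FILE...: every active hosts.equiv/.rhosts entry that
# grants password-free login. A "-host" line denies, so it is not reported.
trusted_host_entries() {
    for f in "$@"; do
        active_entries "$f" | grep -v '^-' | sed "s|^|$f: |"
    done
}

# exported_filesystems DFSTAB: paths this host shares (last field of each
# share line).
exported_filesystems() {
    active_entries "$1" | awk '$1 == "share" { print $NF }'
}

# nfs_mounts VFSTAB: remote file systems this host mounts.
nfs_mounts() {
    active_entries "$1" | awk '$4 == "nfs" { print $1 " on " $3 }'
}

# firewall_host_clean HOSTS_EQUIV RHOSTS DFSTAB VFSTAB: exit 0 only when
# none of the three rules is violated.
firewall_host_clean() {
    [ -z "$(trusted_host_entries "$1" "$2")" ] &&
    [ -z "$(exported_filesystems "$3")" ] &&
    [ -z "$(nfs_mounts "$4")" ]
}

echo "trusted-host entries (must be empty on a firewall):"
trusted_host_entries "$AUDIT/hosts.equiv" "$AUDIT/dot.rhosts"
echo "exported file systems (must be empty):"
exported_filesystems "$AUDIT/dfstab"
echo "NFS mounts from other servers (must be empty):"
nfs_mounts "$AUDIT/vfstab"
if firewall_host_clean "$AUDIT/hosts.equiv" "$AUDIT/dot.rhosts" \
                       "$AUDIT/dfstab" "$AUDIT/vfstab"; then
    echo "RESULT: clean"
else
    echo "RESULT: NOT suitable as a firewall host"
fi
```

On a real host, pass /etc/hosts.equiv, every .rhosts file found under the home directories, /etc/dfs/dfstab and /etc/vfstab; the bare "+" entry in the sample hosts.equiv is the worst case, since it trusts every host on the network.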

Packet Smashing

Most local area networks transmit data between computers in blocks called packets. Through a procedure called packet smashing, unauthorized users can harm or destroy data. Packet smashing involves capturing packets before they reach their destination, injecting arbitrary data into their contents, and then sending the packets on along their original course. On a local area network, the attack is not feasible because a packet reaches all systems, including its destination, at the same time, so an attacker has no opportunity to alter it in transit. Packet smashing is possible on a gateway, however, because the gateway holds each packet before forwarding it, so make sure that all gateways on the network are protected.

The most dangerous attacks are those that affect the integrity of the data: attacks that change the contents of packets or that impersonate a user. Attacks that involve only eavesdropping, that is, recording conversations and replaying them later without impersonating a user, do not compromise data integrity, but they do compromise privacy. You can protect the privacy of sensitive information by encrypting data that goes over the network.

Authentication and Authorization

Authentication is a way to restrict access to specific users when they access a remote system, and it can be set up at either the system level or the network level. Once a user gains access to a remote system, authorization is a way to restrict the operations that the user can perform on that system. The following table lists the types of authentication and authorization that can help protect your systems on the network against unauthorized use.

Table 14-4 Types of Authentication and Authorization for Remote Access

Type: LDAP and NIS+
    Description: The LDAP directory service and the NIS+ name service can provide both authentication and authorization at the network level.
    Where to find information: System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) and System Administration Guide: Naming and Directory Services (FNS and NIS+)

Type: Remote login commands
    Description: The remote login commands (rlogin, rcp, ftp) enable users to log in to a remote system over the network and use its resources. If the client is a "trusted host," authentication is automatic. Otherwise, the user is asked to authenticate.
    Where to find information: "Accessing Remote Systems (Tasks)" in System Administration Guide: Resource Management and Network Services

Type: Secure RPC
    Description: Secure RPC improves the security of network environments by authenticating users who make requests on remote systems. You can use the UNIX, DES, or Kerberos authentication system for Secure RPC.
    Where to find information: "Overview of Secure RPC"

    Description: Secure RPC can also be used to provide additional security to the NFS environment, called Secure NFS.
    Where to find information: "NFS Services and Secure RPC"

Type: DES encryption
    Description: The Data Encryption Standard (DES) encryption functions use a 56-bit key to encrypt a secret key.
    Where to find information: "DES Encryption"

Type: Diffie-Hellman authentication
    Description: This authentication method is based on the ability of the sending system to use the common key to encrypt the current time, which the receiving system can decrypt and check against its own current time.
    Where to find information: "Diffie-Hellman Authentication"

Type: Kerberos
    Description: Kerberos uses DES encryption to authenticate a user when logging in to the system.
    Where to find information: Chapter 3, Using Authentication Services (Tasks)

Sharing Files

A network file server can control which files are available for sharing. A network file server can also control which clients have access to the files, and what type of access is permitted for those clients. In general, the file server can grant read and write access or read-only access either to all clients or to specific clients. Access control is specified when resources are made available with the share command.

A server can use the /etc/dfs/dfstab file to list the file systems that it makes available to clients on the network. For more information about sharing file systems, see "Automatic File-System Sharing" in System Administration Guide: Resource Management and Network Services.

Restricting Superuser (Root) Access

In general, superuser on a client is not granted root access to file systems that are shared across the network. Unless the server specifically grants superuser privileges, a user who is logged in as superuser on a client cannot gain root access to files that are remotely mounted on the client. The NFS server implements this strategy by mapping the requester to the user nobody (user ID 60001). The access rights of user nobody are the same as those that are given to the public, that is, to a user without credentials. For example, if the public has only execute permission for a file, then user nobody can only execute that file.

An NFS server can grant superuser privileges on a shared file system on a per-host basis by using the root=hostname option to the share command.
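An added example, not from the Sun guide, that reviews the share commands in a dfstab for the settings discussed in the two sections above: root= grants, which are the per-host exceptions to the default mapping of root to nobody, anon=0, which maps unknown root requests to UID 0 instead of UID 60001, and a bare rw, which makes a file system writable by every client instead of a named list. It assumes entries of the form share -F nfs -o OPTIONS PATH with the standard share_nfs options rw, rw=list, ro, ro=list, root=list, anon=uid and nosuid. The dfstab is a constructed sample: the /export/scratch line is the weak setting and the /export/projects line is the corrected form of it.

```shell
#!/bin/sh
# Added example (not from the Sun guide): flag share(1M) entries in a dfstab
# that widen access beyond the defaults described in the text.
# The dfstab below is a constructed sample.

SAMPLE_DFSTAB="${TMPDIR:-/tmp}/dfstab.sample.$$"
cat > "$SAMPLE_DFSTAB" <<'EOF'
#       Place share(1M) commands here for automatic execution
#       on entering init state 3.
share -F nfs -o ro /export/docs
share -F nfs -o rw=client1:client2,root=client1 /export/home
share -F nfs -o rw,anon=0 /export/scratch
share -F nfs -o ro,nosuid /export/tools
share -F nfs -o rw=client1:client2 /export/projects
EOF

# risky_shares DFSTAB: one line "PATH: reason" per option that grants root
# access (root=), maps unknown root to UID 0 (anon=0), or grants write
# access to every client (rw with no client list). Other options, such as
# ro, rw=list and nosuid, are left alone.
risky_shares() {
    awk '$1 == "share" {
            opts = ""
            for (i = 2; i < NF; i++) if ($i == "-o") opts = $(i + 1)
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] ~ /^root=/)
                    print $NF ": root access granted to " substr(o[j], 6)
                else if (o[j] == "anon=0")
                    print $NF ": unknown root mapped to UID 0"
                else if (o[j] == "rw")
                    print $NF ": writable by every client"
            }
         }' "$1"
}

# root_grants DFSTAB: "PATH host" for every host named in a root= list.
# Each one is a deliberate exception to the nobody (UID 60001) mapping and
# should have a written justification.
root_grants() {
    awk '$1 == "share" {
            opts = ""
            for (i = 2; i < NF; i++) if ($i == "-o") opts = $(i + 1)
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) if (o[j] ~ /^root=/) {
                m = split(substr(o[j], 6), h, ":")
                for (k = 1; k <= m; k++) print $NF, h[k]
            }
         }' "$1"
}

echo "shares that widen access:"
risky_shares "$SAMPLE_DFSTAB"
echo "hosts granted root on a share:"
root_grants "$SAMPLE_DFSTAB"
```

Run it against /etc/dfs/dfstab on the server; the output for the sample names /export/home once (the root= grant) and /export/scratch twice (bare rw and anon=0), while /export/projects, which restricts rw to a client list and grants no root, is not reported.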

Using Privileged Ports

If you do not want to run Secure RPC, a possible substitute is the Solaris "privileged port" mechanism. A privileged port is a port whose number is less than 1024, which only a process running as root can bind. After a client system has authenticated the user's credential locally, it opens its connection to the server from a privileged port. The server then accepts the client's credential on the strength of the connection's source port alone: a port below 1024 implies that root on the client vouched for the request. This is weak authentication, because it trusts the superuser on every client host, so it guards only against unprivileged users on clients that you already trust.

Non-Solaris clients, however, might be unable to communicate by using a privileged port. If they cannot, you see an error message similar to the following:

    Weak Authentication
    NFS request from unprivileged port

Using the Automated Security Enhancement Tool (ASET)

The ASET security package provides automated administration tools that enable you to control and monitor your system's security. You specify a security level (low, medium, or high) at which ASET runs. At each higher level, ASET's file-control functions tighten file permissions further, reducing file access and hardening the system.

For more information, see Chapter 20, Using the Automated Security Enhancement Tool (Tasks).
