UNIX and Security

Achieving UNIX security

• Detecting intrusions with audits and logs
• Avoiding security loopholes
• Discovering software vulnerabilities and configuration errors

Protecting data and systems with cryptography

• Pretty Good Privacy (PGP)
• Gnu Privacy Guard (GnuPG)
• Authenticity and integrity through digital signatures and cryptographic hashes

Protecting User Accounts and Strengthening Authentication

Controlling secure account usage

• The UNIX login process
• Enforcing password quality and account use policy
• Controlling access with Pluggable Authentication Modules (PAM)
• Logging all account access and login failures

Monitoring and disabling accounts

• Tracking account usage
• Managing user and group IDs
• How and when to disable accounts

Logging in across the network

• Risks of application protocols
• Providing strong user authentication with cryptography and tokens
• Tunneling application protocols through SSH

Reducing Exposure to Threats by Limiting Superuser Privileges

Controlling root access

• Configuring secure terminals
• Preventing insecure network access
• Gaining root privileges with su
• Using groups instead of root identity

Auditing superuser activity

• Limiting access to privileged accounts
• Detecting misuse and attacks with log files

Role-based access control (RBAC)

• Risks of UNIX all-or-nothing access
• RBAC in Solaris
• Adding RBAC with sudo

Safeguarding Vital Data by Securing Local and Network File Systems

Directory structure and partitioning for security

• Files, directories, devices and links
• Employing read-only file systems
• Ownership and access permissions
• Immutable and append-only files
• Identifying NFS vulnerabilities

Backup and integrity testing

• Safeguarding backed-up data
• Detecting intrusions with Tripwire

Hardening UNIX systems

• Increasing information assurance with yassp, TITAN and Bastille
• Scanning for network vulnerabilities with Nessus
• Detecting weak configuration choices with Sussen

Avoiding the Exploitation of Programs

Risks from unwanted program execution

• Starting programs surreptitiously
• Running programs as other users
• Scheduling jobs with cron and at
• Minimizing start-up script vulnerabilities

Reacting to attacks and intrusions

• Finding signs of intrusion in syslog data
• Analyzing a compromised system
• Reducing the effects of buffer overflow exploits

Minimizing Threats to Network Services

TCP/IP and its security loopholes

• Sniffing passwords with Ethereal and dsniff
• Testing network exposure with netstat, lsof and nmap

Securing internal network services

• Enabling enhanced logging
• Configuring OpenSSH and OpenSSL
• Network authentication using Kerberos
• X Window System vulnerabilities/solutions

Safely connecting to external networks

• Controlling and logging server access with TCP wrappers and xinetd
• Reducing information leakage
• Securing FTP, e-mail and Web access