
Thread: Unix Security Tutorial

  1. #1
    Banned
    Join Date
    Sep 2001
    Posts
    113

    Unix Security Tutorial

    Source: http://www.unixtools.com/security.html

    Unix Computer Security
    This document shows system administrators how to secure their systems better. There are no guarantees of its completeness. In addition, the author takes no responsibility if a person misuses this information. There are many versions of Unix. This paper gives examples for HP-UX.

    For a shortened version, please see our security checklist


    Physical Security

    Often the subject of internal security is overlooked. However, often it is fairly easy for someone to get access to systems they are not supposed to have access to by simply walking up to a valid user's desk. This can be the cleaning staff or a disgruntled (ex)employee making a visit. This is the easiest type of security to implement and should definitely be included in any security plan.

    Console security
    Machines and consoles need to be secure. A person can simply turn off a computer if one has access to it. If they have access to the console, they can often interrupt the boot process to get access to the root prompt. If this doesn't work, they can keep guessing the root password in hopes of compromising the system. For these reasons (and more), the computers and associated consoles should be kept in a secure room. A limited number of people should have access to this room, of course with a limited number of keys. Some places actually have security guards let people into the computer rooms for guaranteed secure access.

    If your data is sensitive, be certain to verify that there are no alternative methods for getting into the room. This includes hidden spare keys in an unsecured place, gaps in the raised floors that go past the locked access point, and space above the ceilings.


    Data Security
    Companies that value their data need a detailed backup recovery scheme. This includes on site backups for the least amount of down time, a copy of this data off site in case of computer room disasters, as well as contingency plans in place. Unfortunately, an easy way to get access to a company's data is to gain access to backup tapes and sensitive printouts. Hence, all sensitive information should be stored in locked cabinets. Backup tapes sent off site should be in locked containers. Old sensitive printouts and tapes should be destroyed.

    To protect against computer damage from power outages (and spikes), be certain to have your computers on a UPS. This provides consistent power, protects against outages, as well as protects the computer from power spikes. Ideally, there should be a backup generator for production systems. For non-production systems, there should be an automatic way to shut down the computer if the power has switched to the UPS for more than 1/2 the time the UPS is rated to supply.

    To prevent snooping, secure network cables from exposure.


    Users practice secure measures
    Always have users lock their screen when away from their desk. It is best if they log off of their terminal/workstation at night. There should be no written passwords or password hints on a user's desk. If users are using X, verify that they are using xauth/xhost to prevent others from reading their screen.


    NO welcome banner on site
    Court cases have shown that initial banners must NOT say "welcome".
    Your banner should say something like: "Only authorized access allowed; violators will be prosecuted". In addition, change /etc/issue to NOT include the machine type/OS revision.

    Source: http://www.unixtools.com/security.html
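
The two banner rules in the tutorial above (no "welcome", no machine type or OS revision in /etc/issue), written as a shell check. This is an added example, not part of the original post or the unixtools.com page; the function name `audit_banner`, the constructed sample banner, and the keyword test for an "authorized" notice are assumptions.

```shell
#!/bin/sh
# Added example: audit a login banner file (e.g. /etc/issue).
# audit_banner FILE prints one line per finding; returns 0 if clean, 1 if not.
audit_banner() {
    file=$1
    findings=0
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }

    # Rule 1: the banner must not say "welcome" (any case).
    if grep -qi 'welcome' "$file"; then
        echo "FAIL: banner contains the word 'welcome'"
        findings=$((findings + 1))
    fi

    # Rule 2: no OS name, OS revision or machine type, compared with
    # what this host itself reports through uname.
    for flag in -s -r -m; do
        value=$(uname "$flag" 2>/dev/null)
        [ -n "$value" ] || continue
        if grep -qiF -- "$value" "$file"; then
            echo "FAIL: banner discloses uname $flag value '$value'"
            findings=$((findings + 1))
        fi
    done

    # Assumed heuristic: an authorized-use notice should be present.
    if ! grep -qiE 'authori[sz]ed' "$file"; then
        echo "FAIL: no authorized-use notice found"
        findings=$((findings + 1))
    fi

    if [ "$findings" -eq 0 ]; then
        echo "OK: $file"
        return 0
    fi
    return 1
}

# Constructed sample: a banner that breaks both rules on the current host.
sample=$(mktemp)
printf 'Welcome to %s %s\n' "$(uname -s)" "$(uname -r)" > "$sample"
audit_banner "$sample" || true
rm -f "$sample"
```

Run it against the real file with `audit_banner /etc/issue`; the uname comparison only catches values the local host reports, so a hand-typed model name still needs a manual read.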

  2. #2
    Senior Member
    Join Date
    Jun 2002
    Posts
    405
    This is a place for AntiOnline users to post original tutorials that they've written about a variety of subjects.
    The Tutorials Forum: READ ME FIRST!

  3. #3
    Antionline's Security Dude instronics
    Join Date
    Dec 2002
    Posts
    901
    Hmm, a unix security tutorial in just one page. How's that possible? And except the title, what has unix got to do with all this? Don't get me wrong, but please put a few hundred pages of more detail when it comes to a unix security tutorial. The topic Unix is immense, and the topic security is even larger. My apologies if this seems like I'm flaming, just a thought though.

    Good luck on your tuts to come.

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  4. #4
    Banned
    Join Date
    Jul 2002
    Posts
    877
    powertoad5000 Lots of people post un-original tutorials but relax, man. I mean... at least he showed his source instead of taking full credit for it.

    P.S. Instronics, you often talk about how I took the words out of your mouth oh well I guess it's my turn now.... But yeah like you were saying: "And except the title, what has unix got to do with all"... For real man.

    Though small bits of the post could be referring to a *nix box... most of this stuff is based on just plain old common sense. I checked the site and it ain't 'THAT' bad... Maybe it would have been more acceptable to my fellow AOers if you'd just say "hey everyone check out this cool site" then left the URL.

  5. #5
    Senior Member
    Join Date
    Jun 2002
    Posts
    405
    |The|Specialist: Regardless of what anyone else does, the announcement still stands. It's far less of an issue when the person in question a) only posts the very occasional tutorial, and b) the tutorial is worth reading. As stated by instronics, it's not like this tutorial applies just to Unix (much less a specific version of Unix like HP-UX), since most of it is common sense stuff which applies to all OS's - the only *nix specific element mentioned being X. Also this guy has posted several other tutorials from other sites, and it was made pretty clear in the other threads that he shouldn't be posting tutorials that are simply c&p's from other sites (I realise he quoted a source).

  6. #6
    AO Security for Non-Geeks tonybradley
    Join Date
    Aug 2002
    Posts
    830
    Don't get me wrong, but please put a few hundred pages of more detail when it comes to a unix security tutorial. The topic Unix is immense, and the topic security is even larger.
    Slightly off topic from the tutorial, but along the lines of a real Unix security tutorial, I highly recommend the book Practical Unix & Internet Security - 3rd Edition which was released recently by O'Reilly.

    I'm probably preaching to the choir- I certainly didn't "discover" the book. Anyway, I think all security admins- Unix, Windows or any other platform- should have this book in arm's reach on their desk.

    <No - I am not being paid commission by O'Reilly >
