Overview of System Security

The first line of security defense is to control access to systems. You can control and monitor system access in the following ways.

  • Maintain physical site security.

  • Maintain login control.

  • Restrict access to data in files.

  • Maintain network control.

  • Monitor system use.

  • Set the path variable correctly.

  • Monitor setuid and setgid programs.

  • Track superuser (root) login.

  • Install a firewall.

  • Report security problems.

  • Use the Automated Security Enhancement Tool (ASET).

  • Use role-based access control (RBAC) to grant users rights to perform specific system administration tasks without full superuser access.

Maintaining Physical Site Security

To control access to systems, your company must maintain the physical security of the computer environment. For instance, if a user logs in to a system and leaves it unattended, anyone who can use that system can gain access to the operating system and the network. Be aware of your users' surroundings and educate users to physically protect the computers from unauthorized access.

Maintaining Login and Access Control

Use password and login control to restrict unauthorized logins to a system or to the network. All accounts on a system should have a password. A single account without a password makes your entire network accessible to anyone who knows or can guess a user name.

The Solaris Operating Environment restricts control of certain system devices to the user login account. Only a process running as superuser or console user can access a system mouse, keyboard, frame buffer, or audio device unless /etc/logindevperm is edited. See the logindevperm(4) manual page for more information.

Restricting Access to Data in Files

Use UNIX directory and file permissions to control access to the data on your users' systems. You may want to enable some people to read certain files and grant other people permission to change or delete certain files. You may have data that you do not want anyone else to see. See “File Security” for information on how to set file permissions.

Maintaining Network Control

Computers are often part of a configuration of systems called a network. A network enables connected systems to exchange information and access data and other resources that are available from systems connected to the network. Networking has created a powerful and sophisticated way of computing. However, networking introduces the opportunity for breaches in computer security.

For example, within a network of computers, individual systems are open to enable sharing of information. Because many people have access to the network, the opportunity for unwanted access is increased, especially through user error, such as a poor choice of passwords.

Monitoring System Use

Be aware of all aspects of the systems that are your responsibility, including the following.

  • What is the normal load?

  • Who has access to the system?

  • When do individuals access the system?

Use the available tools to audit system use and monitor the activities of individual users. Monitoring is useful when you suspect a breach in security.

Setting the Correct Path

Path variables are important. They can prevent users from accidentally running a program introduced by someone else that harms data on a system. A program that creates a security hazard is referred to as a Trojan horse. For example, a substitute switch user (su) program could be placed in a public directory where you, as system administrator, might run it. Such a script would look like the regular su command that you use to gain superuser access. Because it removes itself after execution, it is difficult to tell that you have actually run a Trojan horse.

The path variable is automatically set at login time through the .login, .profile, and .cshrc startup files. Set up the user search path so that the current directory (.) comes last to prevent you or your users from running this type of Trojan horse. Never include a publicly writable directory in root's search path. The path variable for superuser should not include the current directory at all. The ASET command examines the startup files to ensure that the path variable is set up correctly and that it does not contain a dot (.) entry. See Chapter 21, “Using the Automated Security Enhancement Tool (ASET),” for more information.
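
A search-path audit in the spirit of the checks described above, written here as an added example rather than code from this guide or from ASET. It flags a dot entry, an empty entry (which the shell also treats as the current directory), any relative entry, and any world-writable directory; the paths in the usage comment are illustrative.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Prints one FINDING line per risky entry and returns 1 if any was found,
# 0 if the search path is clean. Risky entries, as in the text: an explicit
# "." or an empty entry (both mean "current directory"), any relative
# entry, and any directory that other users can write to.
audit_path() {
    _path=$1
    _rc=0
    # A leading, trailing or doubled colon is an empty entry; the shell
    # searches the current directory there just as it would for ".".
    case "$_path" in
        :*|*:|*::*) echo "FINDING: empty entry (implicit current directory)"; _rc=1 ;;
    esac
    _old_ifs=$IFS
    IFS=:
    for _dir in $_path; do
        case "$_dir" in
            '') ;;                                   # already reported above
            .)  echo "FINDING: '.' entry"; _rc=1 ;;
            /*) # Absolute entry: flag it if it is world-writable. find -L
                # follows a symlinked directory so the target's mode is tested.
                if [ -d "$_dir" ] && [ -n "$(find -L "$_dir" -prune -perm -0002 2>/dev/null)" ]; then
                    echo "FINDING: world-writable directory $_dir"; _rc=1
                fi ;;
            *)  echo "FINDING: relative entry '$_dir'"; _rc=1 ;;
        esac
    done
    IFS=$_old_ifs
    return $_rc
}

# Typical use (illustrative):
#   audit_path "$PATH"                 # the calling user's own path
#   audit_path "/usr/sbin:/usr/bin"    # a candidate path for root
```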

Monitoring setuid and setgid Programs

Many executable programs must be run as root or superuser to work properly. These executables run with the UID set to 0 (setuid=0). Anyone running these programs runs them with the root ID, which creates a potential security problem if the programs are not written with security in mind.

You should not allow the use of setuid programs except for executables shipped with setuid to root. At the least, you should restrict and keep these programs to a minimum.

Setgid programs enable a running program to change its group ID from that of the user running it to the group ID of the program file, which creates a potential security problem if the programs are not written with security in mind. Setgid programs are just as dangerous as setuid programs.


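One way to keep setuid and setgid programs to the minimum the text calls for is to record an inventory of them and compare later snapshots against it. The following is an added example, not code from this guide or from ASET; the baseline file locations in the usage comment are assumptions.

```shell
#!/bin/sh
# setid_snapshot ROOT
# Writes one "mode owner group path" line for every setuid or setgid regular
# file under ROOT (same filesystem only), sorted so that two snapshots taken
# at different times can be compared line by line. Paths containing
# whitespace would be truncated by awk's $NF and need a stat-based variant.
setid_snapshot() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} + 2>/dev/null |
        awk '{ printf "%s %s %s %s\n", $1, $3, $4, $NF }' | sort
}

# setid_compare BASELINE CURRENT
# Reports setuid/setgid files that appeared (NEW) or disappeared (GONE) between
# a saved baseline snapshot and a current one; returns 1 when anything changed.
setid_compare() {
    _changes=$( {
        comm -13 "$1" "$2" | sed 's/^/NEW  /'
        comm -23 "$1" "$2" | sed 's/^/GONE /'
    } )
    [ -z "$_changes" ] && return 0
    printf '%s\n' "$_changes"
    return 1
}

# Typical use (file locations are illustrative, not Solaris defaults):
#   setid_snapshot / > /var/adm/setid.baseline     # once, after installation
#   setid_snapshot / > /tmp/setid.now && setid_compare /var/adm/setid.baseline /tmp/setid.now
```

A file reported as NEW that was not installed deliberately, or a mode change that drops a program off the list, is the signal to investigate.
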
Installing a Firewall

Another way to protect your network is to use a firewall or secure gateway system. A firewall is a dedicated system that separates two networks, each of which approaches the other as untrusted. Consider a firewall setup as mandatory between your internal network and any external networks, such as the Internet, with which you want internal network users to communicate.

A firewall can also be useful between some internal networks. For example, the firewall or secure gateway computer does not send a packet between two networks unless the gateway computer is the origin or the destination address of the packet. Set up a firewall to forward packets for particular protocols only. For example, you may allow packets for transferring mail, but not for telnet or rlogin. The ASET command, when run at high security, disables the forwarding of Internet Protocol (IP) packets. See Chapter 21, “Using the Automated Security Enhancement Tool (ASET),” for more information.

Reporting Security Problems

If you experience a suspected security breach, you can contact the Computer Emergency Response Team/Coordination Center (CERT/CC), which is a project funded by the Defense Advanced Research Projects Agency (DARPA) located at the Software Engineering Institute at Carnegie Mellon University. It can assist you with any security problems you are having. It can also direct you to other CERTs that may be more appropriate for your particular needs. You can contact them in the following ways.

Using the Automated Security Enhancement Tool (ASET)

The automated security enhancement tool (ASET) enables you to monitor and control system security by automatically performing tasks that you would otherwise do manually.

ASET consists of seven tasks, each performing specific checks and adjustments to file systems.

  • System files permissions verification.

  • System files checks.

  • User/group checks.

  • System configuration files check.

  • Environment check.

  • EEPROM check.

  • Firewall setup.

The ASET tasks tighten file permissions, check the contents of critical system files for security weaknesses, and monitor crucial areas. ASET can safeguard a network by applying the basic requirements of a firewall system to a system that serves as a gateway system. See Chapter 21, “Using the Automated Security Enhancement Tool (ASET),” for more information.

Using Role-Based Access Control (RBAC)

Role-based access control (RBAC)—introduced in the Solaris 8 release and enhanced with a set of graphical user interface tools in the Solaris 8 Version 3 release—enables the primary administrator (one with root privileges) to divide superuser capabilities into several packages and assign them separately to individuals sharing administrative responsibilities. When you separate superuser privileges with RBAC, users can have a variable degree of access and you can control delegation of privileged operations to other users. See Chapter 23, “Role-Based Access Control,” for more information.
