Date: Thu, 26 Feb 1998 17:50:27 -0600 (CST)
From: Shawn Leas <sleas@mn26hp6.honeywell.com>
To: LOlayiwola <LOlayiwola@aol.com>
Cc: questions@FreeBSD.ORG, Jamie Novak <jnovak@ixion.honeywell.com>
Subject: Re: Unix System Security
Message-ID: <Pine.HPP.3.96.980226172212.25941A-100000@mn26hp6.honeywell.com>
In-Reply-To: <2c689b4f.34f5f716@aol.com>
On Thu, 26 Feb 1998, LOlayiwola wrote:

> Hello,
>
> I am a postgraduate student in London doing some research work on Unix system
> security.

OK, you picked a very deep subject. If you want to get into it, you should ask yourself a couple of questions.

1) What unix? (HPUX, AIX, Solaris, ...) If it is a commercial unix, they can come with proprietary security enhancements (fixes) that you can get (buy). If it is a free unix, go with freebsd, or slackware if linux.

2) Local security, or network security. Obviously you are thinking of network security. There are fundamental questions regarding password aging that these questions apply to, among other things.

> Can you please assist me with some answers to the following questions:

I am a mere mortal concerning these matters, but I'll do my best to confuse you with my most intelligent sounding blither.

> 1) What method(s) can a hacker use to intercept my password on a unix system
> and the commands that could be used to achieve the interception.

a) The interception is less than half of the worry. There are conditions where if you can cause files to be written by root proggies, there is a risk. Take a look at setuid root programs, and how they are programmed. If a setuid root program is not bullet proof, there is VERY BAD DANGER of someone on the system hacking root. Some C functions are considered unsafe for use in setuid programs by most security gurus.

b) Imagine if someone tries to login as root, or tries to su, but they type in the password at the login prompt, and you have a failed login attempt by "<type root password here>".

c) Of course you are aware of the dangers of typing your password over a network. To put it simply, you shouldn't. Use sshd/ssh.

> 2) How could I as a security advisor advise a network administrator to cater
> for this security problem.

a) Look at CERT advisories, check your version of sendmail, look into /etc/securetty, limit usage of cron (cron.allow).

b) Search yahoo or altavista or savvysearch for various hacking pages pertaining to the OS you're on. It's always a good start to see what the rest of the world sees too.

c) And, don't run Win NT 4. Anyone who claims to be able to evaluate security on a system that allows for near infinite complexity (every file having ACL based permissions). You can add any number of groups and people to a single file's ACL, and when taking into account the nature of nested group and user permissions also allowed, it is obfuscated at best.

> 3) What steps in your opinion would I need to take to identify and repair the
> possible damage assuming I had superuser (root) privilege to the server.

Have good backups. That's it. Another thing with backups you might want to know: TAPES ARE SHIT. Always dupe your tapes for serious data integrity. Also, if you are paranoid about fire, theft, the ham-burglar, your mom, store your dupes offsite.

>
> I thank you in advance for your time.
>
> Larry
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
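Point 1(b) above, a password typed into the login prompt and logged as a failed login for a "user" of that name, is something an administrator can check for. The script below is an added example and not part of the mail or of any FreeBSD tool: it scans syslog-style failed-login lines (the sample lines, the account list and the log formats are constructed for the example), flags failures whose user field is not a known account, and produces a copy of the log with those fields blanked so the log can be handed around without leaking whatever was typed.

```python
import re

# Constructed sample log lines (not taken from the mail). They imitate the
# login(1) and sshd failure messages an auth log might contain.
SAMPLE_LOG = """\
Feb 26 17:40:01 host login[1201]: FAILED LOGIN 1 FROM tty1 FOR root, Authentication failure
Feb 26 17:41:13 host login[1203]: FAILED LOGIN 1 FROM tty1 FOR Tr0ub4dor&3, Authentication failure
Feb 26 17:42:55 host sshd[1300]: Failed password for invalid user hunter2 from 192.0.2.10 port 51234 ssh2
Feb 26 17:43:02 host sshd[1301]: Failed password for larry from 192.0.2.11 port 51235 ssh2
Feb 26 17:44:00 host sshd[1302]: Accepted publickey for larry from 192.0.2.11 port 51236 ssh2
"""

# Constructed stand-in for the account names found in /etc/passwd.
KNOWN_USERS = frozenset({"root", "larry", "daemon"})

# Console login failure: "FAILED LOGIN n FROM tty FOR user, reason"
LOGIN_RE = re.compile(r"FAILED LOGIN \d+ FROM (?P<source>\S+) FOR (?P<user>.+?), ")
# sshd failure: "Failed password for [invalid user ]user from addr port n ssh2"
SSHD_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<source>\S+)")

REDACTED = "<redacted: unknown user>"


def parse_failed_logins(log_text):
    """Return one dict per failed-login line: line number, user field, source."""
    events = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LOGIN_RE.search(line) or SSHD_RE.search(line)
        if m:
            events.append({"line": lineno, "user": m.group("user"),
                           "source": m.group("source"), "text": line})
    return events


def flag_unknown_users(events, known_users=KNOWN_USERS):
    """Keep only failures whose user field is not an existing account.

    A failed login for a name that is not an account is the pattern from
    point 1(b): something other than a user name (often a password) was
    typed at the login prompt."""
    return [e for e in events if e["user"] not in known_users]


def redact_unknown_users(log_text, known_users=KNOWN_USERS):
    """Return the log with unknown user fields on failed-login lines blanked."""
    out = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line) or SSHD_RE.search(line)
        if m and m.group("user") not in known_users:
            line = line[:m.start("user")] + REDACTED + line[m.end("user"):]
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Report the suspicious lines without echoing the user field itself.
    for e in flag_unknown_users(parse_failed_logins(SAMPLE_LOG)):
        print(f"line {e['line']}: failed login from {e['source']} with a user name "
              f"that is not an account (possible mistyped password); redact before sharing")
    print(redact_unknown_users(SAMPLE_LOG))
```

The report deliberately prints the line number and source but not the offending field, and the redacted copy is what should leave the machine; the original log stays readable only to whoever already has root on the box.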