UNIX SECURITY
Presented by Lisa Outlaw, CISA Information Systems Audit Supervisor

A BRIEF OVERVIEW
• “Need to Know Basis”
• Baseline
• User Account Administration
• Password Administration
• Group or Role Administration
• File Permissions on Critical Files
• UMASK
• SUID & SGID
• Cron
• Syslog
• Services
• Patches
• Conclusion

Need to Know Basis
• When setting up security on your Unix systems, ensure that security is set up on a need-to-know, need-to-use basis.

Baseline
• A Baseline ensures that security policies are implemented consistently and completely across various platforms.
• Should be in written form
• Should include specific instructions to achieve security on a specific server.

User Account Administration
• User Account Policies should address:
• Immediate deactivation of User Accounts for terminated employees
• Superuser account procedures
• Contractor Accounts
• Naming Conventions for User Accounts

Password Administration
• 60 to 90 day expiration for ordinary users
• 30 day password expiration for superusers
• Do not allow password sharing
• Set minimum password length to at least 6 characters

Group or Role Administration
• Assign users with like responsibilities to groups

File Permissions on Critical Files
• Unix controls access to files, programs, and all other resources via file permissions.
• Unix permissions are controlled by three categories: Owner, Group, and World
• Each category can be given the ability to READ, WRITE, and/or EXECUTE Unix files or resources
• Ex. -rwxr-x--x

UMASK
• Ensure that your UMASK setting automatically assigns each newly created file the most secure file permissions.

SUID & SGID
• SUID and SGID files allow the World user to temporarily assume the permissions of the Owner or Group users while using the program.

CRON
• Cron is the Unix job scheduler
• Many system administrators use Cron to perform automatic full or incremental backups of the systems.
• Cron can also be used to email log files, clean up the file system, etc.

Syslog
• The syslog utility allows systems administrators to log various events occurring on the Unix system.
• If Syslog is configured correctly, Unix can log many security events without the use of a third party plug-in.

Services
• The inetd.conf file controls the services that are allowed on the Unix system.
• Make sure that only necessary services are activated
• Unix comes with all services activated by default, and many of these services have severe security vulnerabilities.

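The UMASK, SUID & SGID and Services items above can be spot-checked from the shell. The script below is an added example, not part of the original presentation; the function names, the sample directory and the sample inetd.conf contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: spot-checks for the UMASK, SUID & SGID and Services slides.
# Function names and the sample data are constructed for illustration.

# Mode a newly created regular file receives under umask $1 (e.g. 027 -> 640).
new_file_mode() {
    printf '%03o\n' $(( 0666 & ~0$1 & 0777 ))
}

# SUID/SGID regular files under directory $1, for comparison with an approved list.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Service names left active (uncommented) in an inetd.conf-format file $1.
enabled_services() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1" | sort -u
}

# Build a constructed sample tree and inetd.conf; prints the directory path.
make_sample() {
    d=$(mktemp -d) || return 1
    touch "$d/backup_tool" "$d/notes.txt"
    chmod 4755 "$d/backup_tool"      # constructed SUID file
    chmod 0644 "$d/notes.txt"        # ordinary file, must not be reported
    cat > "$d/inetd.conf" <<'EOF'
# constructed sample, not from a real host
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/in.telnetd  in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
EOF
    echo "$d"
}

sample=$(make_sample)
echo "umask 022 -> new files get mode $(new_file_mode 022)"
echo "umask 027 -> new files get mode $(new_file_mode 027)"
echo "SUID/SGID files:";  find_setid "$sample"
echo "Active services:";  enabled_services "$sample/inetd.conf"
rm -rf "$sample"
```

On a real server, point `find_setid` at `/` and `enabled_services` at the system's inetd.conf, then compare the output with the approved lists in the written baseline.
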
Patches
• Ensure that your Unix systems are patched regularly. A policy should be adopted to ensure that all patches are tested and installed on a schedule.

Conclusion
• Although there are many other areas that can be addressed in a security baseline, the aforementioned areas will give you a head start in addressing security for your Unix system, and should prepare your servers for our upcoming IS audits.