UNIX SECURITY

1
UNIX SECURITY

• Presented by
• Lisa Outlaw, CISA
• Information Systems Audit Supervisor

2
A BRIEF OVERVIEW

• Need to Know Basis
• Baseline
• User Account Administration
• Password Administration
• Group or Role Administration
• File Permissions on Critical Files
• UMASK
• SUID SGID
• Cron
• Syslog
• Services
• Patches
• Conclusion

3
Need to Know Basis

• When setting up security on your Unix systems,
  ensure that security is set up on a need to know
  need to use basis.

4
Baseline

• A Baseline ensures that security policies are
  implemented consistently and completely across
  various platforms.
• Should be in a written form
• Include specific instructions to achieve security
  on a specific server.

5
User Account Administration

• User Account Policies should address
• Immediate deactivation of Users Accounts for
  terminated employees
• Superuser account procedures
• Contractors Accounts
• Naming Conventions for User accounts

6
Password Administration

• 60 to 90 day expiration for ordinary users
• 30 day password expiration for superusers
• Do not allow password sharing
• Set minimum password lengths to at least 6
  characters

7
Group or Role Administration

• Assign users with like responsibilities to groups

8
File Permissions on Critical Files

• Unix controls access to files, programs, and all
  other resources via file permissions.
• Unix permission are controlled by three
  categories Owner, Group, and World
• Each category has the ability to either READ,
  WRITE, and/or EXECUTE Unix files or resources
• Ex. rwxr-x--x

9
UMASK

• Ensure that your UMASK settings automatically
  assigns each newly created file with the most
  secure file permission.

10
SUID SGID

• SUID and SGID files allow the World user to
  temporarily assume the permissions of the Owner
  or Group users while using the program.

11
CRON

• Cron is the Unix Job scheduler
• Many system administrators use the Cron to
  perform automatic full or incremental back-ups of
  the systems.
• The Cron can also be used to email log files,
  clean up file system etc.

12
Syslog

• The syslog utility allows systems administrators
  to log various events occurring on the Unix
  system.
• If Syslog is configured correctly, Unix can log
  many security events without the use of a third
  party plug-in.

13
Services

• The inetd.conf file controls the services that
  are allowed on the Unix system.
• Make sure that only necessary services are
  activated
• Unix comes with all services activated by
  default, and many of these services have severe
  security vulnerabilities.

14
Patches

• Ensure that your Unix systems are patched
  regularly. A policy should be adopted to ensure
  that all patches are tested and installed on a
  schedule.

15
Conclusion

• Although there are many other areas that can be
  addressed in a security baseline, the
  aforementioned areas mentioned will give you a
  headstart in addressing security for your Unix
  system, and should prepare your servers for our
  upcoming IS audits.