include("../header.html"); ?>
There are numerous versions of UNIX and all have different default settings. Most systems are installed with only basic security and it is up to the system administrator to plug any holes. Also, there are several levels of security and which one is best will vary from environment to environment. Below are some general guidelines that are applicable in almost all environments. These tips are helpful even if your system is not connected to the Internet - the vast majority of computer break-ins originate from an internal source.
Rename the Administrator account
In order to compromise your system, a hacker needs two pieces of information -
a username and the matching password. When your system is installed, an account
named "root" is created which has all administrative privileges on
the system. Because of this, a hacker already has half of the information he
needs to break in to your system. If you rename the account to something
different, you add an extra level of obscurity and it is more difficult to
break in to your system.
Disable any unnecessary accounts
When your system in installed, it generally creates several additional user
accounts. These accounts, and their permissions, vary from vendor to vendor so
it is best to familiarize yourself with them. The unnecessary ones should be
disabled or deleted as appropriate.
Install the latest patches and fixes
Any time a vendor is notified of a security weakness in their system, they
create a patch for it. It is important that you make yourself aware of any such
patches and install them as they become available. Your vendor's web site is
probably the best source for this information. Also, you may be able to join an
email list to receive notifications automatically.
Enforce physical security
At a minimum, your systems should be treated as any valuable item and be kept
in a safe location. In a highly relaxed environment, this means at least
keeping your systems out of the way of the general public. In most cases, it is
best to keep your systems in a locked server room, where only specifically
authorized users have access to them.
Always remember to logout or lock the workstation
When you leave the system you are working on, you should be sure to either
logout from the system, or lock it. If you do not do this, any person passing
by will have full access to the system using your account. It is also a good
idea to use a password-protected screensaver on your system in case you forget
to logout or lock the system.
Implement a password policy
Accounts in all but the most relaxed environment should always have a password.
But simply having a password is not always enough - it is important to use
strong passwords. For example, if you work for Acme Manufacturing,
"acme" would be a very poor password choice. It is also a bad idea to
write down your passwords.
It is also a very good idea to install shadow passwords, or some other password enhancement, if your system does not use them automatically. Because the password file on a UNIX system must be readable by everyone, it can easily be copied and then decrypted offline on another system. Shadow passwords remove the actual passwords from the password file and store them in a separate, secure file.
What else can you do?
While we have outlined a few basic security guidelines, it is best to perform a
complete security audit on your systems. Because an audit must be specifically
tailored to your environment, we could never outline it here. NetInterface
Consultings staff is fully trained in many versions of UNIX and in
computer security and can discuss this with you further.
Contact us to arrange a free consultation and a
complete security audit of your systems.