UNIX SECURITY Presented by Lisa Outlaw, CISA Information Systems Audit Supervisor.

Presentation on theme: "UNIX SECURITY Presented by Lisa Outlaw, CISA Information Systems Audit Supervisor."— Presentation transcript:

1 UNIX SECURITY Presented by Lisa Outlaw, CISA Information Systems Audit Supervisor

2 A BRIEF OVERVIEW
“Need to Know Basis”
Baseline
– User Account Administration
– Password Administration
– Group or Role Administration
– File Permissions on Critical Files
– UMASK
– SUID & SGID
– Cron
– Syslog
– Services
– Patches
Conclusion

3 Need to Know Basis
When setting up security on your Unix systems, ensure that security is set up on a need-to-know, need-to-use basis.

4 Baseline
A Baseline ensures that security policies are implemented consistently and completely across various platforms.
Should be in a written form.
Include specific instructions to achieve security on a specific server.

5 User Account Administration
User Account Policies should address:
– Immediate deactivation of User Accounts for terminated employees
– Superuser account procedures
– Contractor Accounts
– Naming Conventions for User accounts

6 Password Administration
60 to 90 day expiration for ordinary users
30 day password expiration for superusers
Do not allow password sharing
Set minimum password lengths to at least 6 characters
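
One way to check the expiration limits above against passwd- and shadow-format files (an added example, not part of the original presentation). The function names and the sample accounts are constructed for illustration; on a real system the inputs would be /etc/passwd and /etc/shadow, read as root.

```sh
#!/bin/sh
# Report accounts whose maximum password age exceeds the limits on this slide:
# 30 days for superusers (UID 0), 90 days for everyone else.
# $1 = passwd-format file, $2 = shadow-format file. Prints: name max-age limit
aging_violations() {
    awk -F: '
        NR == FNR { uid[$1] = $3; next }      # first file: map name -> UID
        $2 ~ /^[!*]/ { next }                 # locked account, no usable password
        {
            limit = (($1 in uid) && uid[$1] == 0) ? 30 : 90
            max = ($5 == "") ? "unset" : $5   # shadow field 5 = maximum age in days
            if (max == "unset" || max + 0 > limit) print $1, max, limit
        }' "$1" "$2"
}

# Constructed sample data (not from a real system); hashes are placeholders.
write_samples() {   # $1 = directory to receive passwd and shadow
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:second superuser:/root:/bin/sh
alice:x:1001:1001::/home/alice:/bin/sh
bob:x:1002:1002::/home/bob:/bin/sh
daemon:x:1:1::/:/usr/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed:19000:0:30:7:::
toor:$6$constructed:19000:0:90:7:::
alice:$6$constructed:19000:0:90:7:::
bob:$6$constructed:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
aging_violations "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

The second UID 0 account is flagged at 90 days because the superuser limit applies to every account with UID 0, not only to the one named root.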

7 Group or Role Administration
Assign users with like responsibilities to groups.

8 File Permissions on Critical Files
Unix controls access to files, programs, and all other resources via file permissions.
Unix permissions are controlled by three categories: Owner, Group, and World.
Each category has the ability to either READ, WRITE, and/or EXECUTE Unix files or resources.
Ex. -rwxr-x--x

9 UMASK
Ensure that your UMASK setting automatically assigns each newly created file the most secure file permission.
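
How the permission string on the previous slide and the UMASK fit together, as an added example that is not part of the original presentation. All function names are hypothetical; the script converts an `ls -l` mode string to octal, computes what a umask leaves on a new file or directory, and confirms the result by actually creating a file under that umask.

```sh
#!/bin/sh
# Convert an ls-style mode such as "-rwxr-x--x" to three octal digits
# (Owner, Group, World). SUID/SGID/sticky bits are not reported here.
mode_to_octal() {
    perms=${1#?}                      # drop the file-type character
    out=""
    for cls in owner group world; do
        triad=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        d=0
        case $triad in r??) d=$((d + 4)) ;; esac       # READ
        case $triad in ?w?) d=$((d + 2)) ;; esac       # WRITE
        case $triad in ??[xst]) d=$((d + 1)) ;; esac   # EXECUTE
        out="$out$d"
    done
    printf '%s\n' "$out"
}

# Mode a new object receives: base (666 for files, 777 for directories)
# with the umask bits removed. Arguments are octal digits.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# True when the umask removes WRITE for both Group and World (022 octal = 18).
umask_is_restrictive() {
    [ $(( 0$1 & 022 )) -eq 18 ]
}

# Create a file under umask $1 in a subshell and print its ls-style mode.
created_mode() {
    dir=$(mktemp -d)
    ( umask "$1"; : > "$dir/f" )
    ls -l "$dir/f" | cut -c1-10
    rm -rf "$dir"
}

mode_to_octal "-rwxr-x--x"            # the slide's example
apply_umask 666 027                   # new file under umask 027
created_mode 027                      # same thing, observed on disk
```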

10 SUID & SGID
SUID and SGID files allow the World user to temporarily assume the permissions of the Owner or Group users while using the program.
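
A baseline check for this item, as an added example that is not part of the original presentation: list every SUID or SGID file under a directory and report the ones missing from a written, approved list. The function names, the baseline file format (one absolute path per line) and the demo tree are assumptions made for illustration.

```sh
#!/bin/sh
# Print SUID/SGID regular files under directory $1 that are not listed in
# the approved baseline file $2 (one absolute path per line).
unapproved_setid() {
    # -perm -4000 matches SUID, -perm -2000 matches SGID;
    # -xdev keeps the scan on one file system.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort |
    while IFS= read -r f; do
        grep -Fxq -- "$f" "$2" || printf '%s\n' "$f"
    done
}

# Constructed demo tree: two SUID files, only one of them in the baseline.
make_demo_tree() {   # $1 = empty directory
    mkdir -p "$1/bin"
    : > "$1/bin/approved-tool"; chmod 4755 "$1/bin/approved-tool"
    : > "$1/bin/surprise";      chmod 4755 "$1/bin/surprise"
    : > "$1/bin/plain";         chmod 0755 "$1/bin/plain"
    printf '%s\n' "$1/bin/approved-tool" > "$1/baseline.txt"
}

demo=$(mktemp -d)
make_demo_tree "$demo"
unapproved_setid "$demo/bin" "$demo/baseline.txt"
rm -rf "$demo"
```

Run against `/` as root with the baseline kept under change control, any path this prints is a set-ID program nobody approved.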

11 CRON
Cron is the Unix job scheduler.
Many system administrators use Cron to perform automatic full or incremental back-ups of the systems.
Cron can also be used to email log files, clean up the file system, etc.

12 Syslog
The syslog utility allows systems administrators to log various events occurring on the Unix system.
If Syslog is configured correctly, Unix can log many security events without the use of a third-party plug-in.

13 Services
The inetd.conf file controls the services that are allowed on the Unix system.
Make sure that only necessary services are activated.
Unix comes with all services activated by default, and many of these services have severe security vulnerabilities.
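
A check for unnecessary services in an inetd.conf-format file, as an added example that is not part of the original presentation. The function names, the approved list and the sample file are constructed for illustration; a line counts as active when it is not commented out with `#`.

```sh
#!/bin/sh
# Names of services that are active (not commented out) in the
# inetd.conf-format file $1. An active entry has at least six fields:
# service, socket type, protocol, wait flag, user, server program.
enabled_services() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1 }' "$1" | sort -u
}

# Active services in $1 that are not in the space-separated approved list $2.
unexpected_services() {
    enabled_services "$1" | while IFS= read -r svc; do
        case " $2 " in
            *" $svc "*) ;;                      # approved, say nothing
            *) printf '%s\n' "$svc" ;;          # active but not approved
        esac
    done
}

# Constructed sample file (not from a real system).
write_sample_inetd() {   # $1 = path to write
    cat > "$1" <<'EOF'
# service  type    proto  wait    user  server                args
ftp        stream  tcp    nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet     stream  tcp    nowait  root  /usr/sbin/in.telnetd  in.telnetd
#shell     stream  tcp    nowait  root  /usr/sbin/in.rshd     in.rshd
echo       stream  tcp    nowait  root  internal
echo       dgram   udp    wait    root  internal
EOF
}

conf=$(mktemp)
write_sample_inetd "$conf"
unexpected_services "$conf" "ftp"     # approved list is an assumption
rm -f "$conf"
```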

14 Patches
Ensure that your Unix systems are patched regularly. A policy should be adopted to ensure that all patches are tested and installed on a schedule.

15 Conclusion
Although there are many other areas that can be addressed in a security baseline, the aforementioned areas will give you a head start in addressing security for your Unix system, and should prepare your servers for our upcoming IS audits.

