Published by Antony Fletcher. Modified over 9 years ago.
1
General Unix Security
Group A2
Rachit Gupta, Roland Hollis, E.J. Chambers
2
Security is only as good as its weakest link
Introduction
- Physical Security
- Threats
  - Internal
  - External
- Detection
3
General Concepts
- Turn off any guest/anonymous accounts
- Make users change passwords frequently
- Disable well-known accounts that do not need direct login
  - adm, daemon, sys
- Do not have a "Welcome" message on the login screen
- Make sure to keep log files
4
Internal Threats
- Basic Internal Concepts
  - Make sure you have the permissions set properly
  - Use group permissions correctly
- Password Security
  - Must use shadow passwords, since 20% of passwords on a system are hackable
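An added example (not part of the original slides) that checks a passwd-format file for the items on the General Concepts and Internal Threats slides: enabled guest accounts, adm/daemon/sys with a login shell, and password hashes that are not shadowed. The function name audit_passwd, the sample data and the extra UID 0 check are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a passwd-format file against the checklist above.
# SAMPLE_PASSWD is constructed data, not taken from a real system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
adm:x:3:4:adm:/var/adm:/bin/sh
sys:x:4:3:sys:/dev:/bin/false
guest::1001:1001:Guest:/home/guest:/bin/bash
alice:$1$constructed$notARealHash:1002:1002:Alice:/home/alice:/bin/bash
toor:x:0:0:spare root:/root:/bin/sh
bob:x:1003:1003:Bob:/home/bob:/bin/bash'

# audit_passwd FILE (hypothetical helper name)
# Prints one "account: finding" line per problem; prints nothing if clean.
audit_passwd() {
    awk -F: '
    function nologin(sh) {          # shells that refuse an interactive login
        return sh ~ /(nologin|false)$/
    }
    /^[ \t]*(#|$)/ { next }         # skip comments and blank lines
    {
        user = $1; pw = $2; uid = $3; shell = $7
        # Hash stored in the world-readable file instead of the shadow file.
        if (pw != "" && pw != "x" && pw !~ /^[*!]/)
            print user ": password hash not shadowed"
        # Empty field means no password is required at all.
        if (pw == "")
            print user ": empty password field"
        # Well-known system accounts named on the slide need no direct login.
        if (user ~ /^(adm|daemon|sys)$/ && !nologin(shell))
            print user ": system account has login shell " shell
        # Guest/anonymous accounts should be turned off.
        if (user ~ /^(guest|anonymous)$/ && !nologin(shell))
            print user ": guest account is enabled"
        # Assumption of this example: any extra UID 0 entry is a second root.
        if (uid == 0 && user != "root")
            print user ": UID 0 but not root"
    }' "$1"
}

# Stand-alone run: audit the constructed sample.
tmp=$(mktemp) && printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
audit_passwd "$tmp"
rm -f "$tmp"
```

To audit a live system, pass /etc/passwd as the argument; the function only reads the file.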
5
Internal Threats Cont'd
- Virtually every attempt is to gain root access
- The downfall of Unix is setuid programs
  - Programs that are run by normal users, but change to user 0 (root) to perform the required task
- Identify these programs and determine whether normal users need them, or whether the suid bit needs to be enabled
6
External Threats
- More common than internal threats, since these people do not already have access
- Packet sniffing is a very common method
- Packet sniffing is normally done on the system in question
  - This means your system has already been compromised
7
DoS Attacks
- Fork Bomb
  - Process continually spawns new children, eating up the system resources
- Malloc Bomb
  - Process continually makes malloc calls, until all memory is gone
- SYN Flood
  - When a TCP connection is being established, just sending a SYN will leave the server in an unfinished state
- Mail Bomb
  - Enormous amount of email that slows the system and takes up disk space
8
Continued
- Disable little-used or unused TCP/UDP services
- If not needed, disable all 'r' commands
  - i.e. rsh, rlogin
- There are many programs available to help with keeping your system secure
  - Netmap
  - SATAN
  - Tcpdump
  - Kerberos