Scribd
Upload
35 views

Unix Security

1. The document discusses various methods for improving system security, including disabling unused accounts, patching and restricting programs, disabling unnecessary services, and implementing built-in firewalls. 2. It provides steps for disabling an account, which involves making backups of password files, editing the password file to change the shell, and editing the shadow file to invalidate the password. 3. It also lists some common built-in firewalls like IPTables in Linux and Sunscreen in Solaris, and security tools like Tripwire, Nessus, and Snort.

Uploaded by

Charles Raj
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
35 views

Unix Security

1. The document discusses various methods for improving system security, including disabling unused accounts, patching and restricting programs, disabling unnecessary services, and implementing built-in firewalls. 2. It provides steps for disabling an account, which involves making backups of password files, editing the password file to change the shell, and editing the shadow file to invalidate the password. 3. It also lists some common built-in firewalls like IPTables in Linux and Sunscreen in Solaris, and security tools like Tripwire, Nessus, and Snort.

Uploaded by

Charles Raj
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 17

m  m

Presenter Name
Presentation Date


u  
        
  
 
 
   
 
 
    


u        




 
  
Bas
s

u §onfidentiality

u Integrity

u Availability
3ss s  
 
u Oardware

u Network connection

u Data

u Services
  al ss s
u mser Error
u Oardware Failure
u Theft of Oardware
u Data Manipulation
u Theft of services
u Eavesdropping
u Viruses

 m s 

Password Security


Password Discovery
2 Programs
ass 

u The basic authentication method for host systems
involves username and Password .

u A good password consists of combination of


uppercase and lowercase letter as well as numbers
and punctuation.

u No matter how you create your password, make sure


that u can memorize it.

u Make sure that u do not write passwords anywhere.


ass 
   as
u Most popular password recovery programs are crack
and john the ripper.

u System Administrators and security professionals


often utilize these tools to determine the password
strength of the user account.

u If we decide to use these tools to audit system


passwords, we must first have the system owner͛s
permission in writing or we could face severe criminal
penalties.
   3  s a  3

ss

mID 0

oot Management options
2
Setting up sudo
3
s 3  s a a
     s
emove unneeded accounts

2
Patch, estrict or emove Programs

3
Disable mnneeded services

4
Monitor and estrict Access to services

5
Implement Built-
Built-in Firewalls
     3

 s
Steps to disable an account
u Make a backup of /etc/shadow and /etc/passwd files and ensure
them with permissions set to 700 and the files are owned by root.

u Edit etc/passwd, putting bin/false as the shell entry while


removing the current shell for any system accounts you want to
disable.

u Edit etc/shadow, entering a * in the encrypted password field

These steps prevent the account from being logged into, because the
user will not have valid shell or password.
a
 s
     as
Steps to disable an account
u Make a backup of /etc/shadow and /etc/passwd files and ensure
them with permissions set to 700 and the files are owned by root.

u Edit etc/passwd, putting bin/false as the shell entry while


removing the current shell for any system accounts you want to
disable.

u Edit etc/shadow, entering a * in the encrypted password field

These steps prevent the account from being logged into, because the
user will not have valid shell or password.
a sabl    s 
s
Steps to disable an account
u Make a backup of /etc/shadow and /etc/passwd files and ensure
them with permissions set to 700 and the files are owned by root.

u Edit etc/passwd, putting bin/false as the shell entry while


removing the current shell for any system accounts you want to
disable.

u Edit etc/shadow, entering a * in the encrypted password field

These steps prevent the account from being logged into, because the
user will not have valid shell or password.
l  B l  alls
u Modern mnix system include a built-in firewall for
restricting access to the system based on criteria set by
the system administrator.

u The firewalls require knowledge of the system and the


ability to determine system access requirements.

u Some of the built-in firewall are


ÿ inux IPTables
ÿ Solaris sunscreen
ÿ Mac OS x Personal firewall
 
  as
u Tripwire ʹ A file integrity §hecker
u Nesus - A vulnerability Scanner
u Saint - A vulnerability Scanner
u NMAP ʹ A port Scanning tool
u Snort - A network intrusion detection tool
u GNmPG ʹ Gnu Privacy Guard used to encrypt
files.
!3 " m##

You might also like