网络最高安全-计算机网络安全参考文章

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <TITLE>Maximum Security -- Ch 17 -- UNIX: The Big Kahuna</TITLE> </HEAD> <BODY TEXT="#000000" BGCOLOR="#FFFFFF"> <CENTER> <H1><IMG SRC="../button/samsnet.gif" WIDTH="171" HEIGHT="66" ALIGN="BOTTOM" BORDER="0"><BR> <FONT COLOR="#000077">Maximum Security: </FONT></H1> </CENTER> <CENTER> <H2><FONT COLOR="#000077">A Hacker's Guide to Protecting Your Internet Site and Network</FONT></H2> </CENTER> <CENTER> <P><A HREF="../ch16/ch16.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch18/ch18.htm"><IMG SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter" BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> <HR> </CENTER> <CENTER> <H1><FONT COLOR="#000077">17</FONT></H1> </CENTER> <CENTER> <H1><FONT COLOR="#000077">UNIX: The Big Kahuna</FONT></H1> </CENTER> <P>Some things need to be said about this chapter and the way it was written. As I sat before my machine, a blank page staring me in the face, I contemplated how I would structure this chapter. There were shadows looming over me and I want to discuss them here.</P> <P>UNIX folks are a breed unto themselves. Some may know firewalls, some may know scanners, some may know exploit scripts, and so forth. However, they all share one common thing: They know their operating system exceedingly well. The average UNIX system administrator has probably written his own printer drivers on more than one occasion. He has also likely taken the source code for various stock utilities and reworked them to his own particular taste. So this chapter--to be any good at all--has to be filled with technical information of practical value.</P> <P>Conversely, there are a lot of readers scouring these pages to learn about basic UNIX system security. Perhaps they recently installed Linux or FreeBSD because it was an inexpensive choice for a quick Web server solution. Perhaps they have had a UNIX box serving as a firewall at their offices--maintained by some outside technician--and they want to know what it actually does. Or perhaps this class of readers includes journalists who have no idea about UNIX and their editors have requested that they learn a little bit.</P> <P>I considered all these things prior to writing even a single paragraph. What was the end result? A long chapter. UNIX folks can cut to the chase by breezing through each section. (There are tidbits here and there where important information appears, so keep an eye out.) The rest of the folks can read the chapter as an entire block and learn the following: <UL> <LI>What security holes exist <LI>Where they exist <LI>Why they exist <LI>What utilities are available to plug them </UL> <P>I hope this chapter will be of value to all. Also, because UNIX security is so complex, I am sure I have missed much. However, whole volumes are written on UNIX security and these still sometimes miss information. Therefore, we venture forth together, doing as best we can under the constraints of this book. <H2><FONT COLOR="#000077"><B>The UNIX Platform Generally</B></FONT></H2> <P>The UNIX platform has evolved over the years. Today, it can be defined as a 32- (or 64-) bit multitasking, multiuser, networked operating system. It has advanced security features, including discretionary access control, encryption, and authentication. <H3><FONT COLOR="#000077"><B>Can UNIX Be Secure?</B></FONT></H3> <P>UNIX can be secure. However, it is not secure in its native state (that is, out of the box). Out-of-the-box weaknesses exist for every flavor of UNIX, although some distributions are more insecure than others. Certain versions of IRIX (SGI), for example, or most early versions of Linux have Class A or B holes. (Those holes allow outsiders to gain unauthorized access.) These holes are not a terminal problem (no pun intended); they simply need to be plugged at first installation. That having been done, these versions of UNIX are not different from most other versions of nonsecure UNIX. <H3><FONT COLOR="#000077"><B>What Is &quot;Secure&quot; UNIX?</B></FONT></H3> <P>What is secure UNIX (or as it is sometimes called, <I>trusted UNIX</I>)? Secure UNIX is any UNIX platform that been determined by the National Security Agency (NSA) to have excellent security controls. These versions must be on the NSA's Evaluated Product List (EPL). Products on this list have been rigorously tested under various conditions and are considered safe for use involving semi-sensitive data.</P> <P>This evaluation process is under the Trusted Product Evaluation Program, which is conducted on behalf of the National Computer Security Center, and both organizations are elements of the National Security Agency. These are the people who determine what products are &quot;safe&quot; for use in secure and semi-secure environments.</P> <P>The products are rated according to a predefined index. This index has various levels of &quot;assurance,&quot; or <I>classes,</I> of security. As described in the TPEP FAQ: <DL> <DD>A class is the specific collection of requirements in the Trusted Computer System Evaluation Criteria (TCSEC) to which an evaluated system conforms. There are seven classes in the TCSEC: A1, B3, B2, B1, C2, C1, and D, in decreasing order of features and assurances. Thus, a system evaluated at class B3 has more security features and/or a higher confidence that the security features work as intended than a system evaluated at class B1. The requirements for a higher class are always a superset of the lower class. Thus a B2 system meets every C2 functional requirement and has a higher level of assurance. </DL> <BLOCKQUOTE> <P> <HR> <FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>&quot;TPEP FAQ: What Is a Class?&quot; can be found online at <A HREF="http://www.radium.ncsc.mil/tpep/process/faq-sect3.html#Q4"><TT>http://www.radium.ncsc.mil/tpep/process/faq-sect3.html#Q4</TT></A>. <HR> </BLOCKQUOTE> <P>The two UNIX products that are positioned highest on the list (levels B3 and B2, respectively) are identified in Table 17.1. According to the National Security Agency, these are the most secure operating systems on the planet. <H4><FONT COLOR="#000077"><B>Table 17.1. Trusted, secure UNIX products.</B></FONT></H4> <P> <TABLE BORDER="1"> <TR ALIGN="LEFT" rowspan="1"> <TD ALIGN="LEFT"><I>Operating System</I></TD> <TD ALIGN="LEFT"><I>Vendor</I></TD> <TD ALIGN="LEFT"><I>Class</I></TD> </TR> <TR ALIGN="LEFT" rowspan="1"> <TD ALIGN="LEFT">XTS-300 STOP 4.1a*</TD> <TD ALIGN="LEFT">Wang Federal, Inc.</TD> <TD ALIGN="LEFT">B3</TD> </TR> <TR ALIGN="LEFT" rowspan="1"> <TD ALIGN="LEFT">Trusted XENIX 4.0*</TD> <TD ALIGN="LEFT">Trusted Information Systems, Inc.</TD> <TD ALIGN="LEFT">B2</TD> </TR> </TABLE> </P> <P>*These operating systems have earlier versions that have all been determined to be in the same category. I have listed only the latest versions of these products.</P> <P>To examine earlier versions (and their ratings), refer to <A HREF="http://www.radium.ncsc.mil/tpep/epl/epl-by-class.html"><TT>http://www.radium.ncsc.mil/tpep/epl/epl-by-class.html</TT></A>. Wang Federal's XTS-300/STOP 4.1a is not just an operating system, but an entire package. It consists of both hardware (Intel 80486 PC/AT, EISA bus system) and software (the STOP 4.1a operating system). It sports a UNIX-like interface at lower levels of the system. At higher levels, it utilizes a hierarchical file system. This operating system has extreme DAC (data access control) and is suitable for sensitive work. STOP 4.1a has the very highest rating of any operating system. As reported by the EPL: <DL> <DD>Beyond the minimal requirements for a B3 system, the XTS-300 provides a mandatory integrity policy, an extra subtype policy, and a familiar, UNIX-like en