<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE>Maximum Security -- Ch 17 -- UNIX: The Big Kahuna</TITLE>
</HEAD>
<BODY TEXT="#000000" BGCOLOR="#FFFFFF">
<CENTER>
<H1><IMG SRC="../button/samsnet.gif" WIDTH="171" HEIGHT="66" ALIGN="BOTTOM" BORDER="0"><BR>
<FONT COLOR="#000077">Maximum Security: </FONT></H1>
</CENTER>
<CENTER>
<H2><FONT COLOR="#000077">A Hacker's Guide to Protecting Your Internet Site and Network</FONT></H2>
</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">17</FONT></H1>
</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">UNIX: The Big Kahuna</FONT></H1>
</CENTER>
<P>Some things need to be said about this chapter and the way it was written. As
I sat before my machine, a blank page staring me in the face, I contemplated how
I would structure this chapter. There were shadows looming over me and I want to
discuss them here.</P>
<P>UNIX folks are a breed unto themselves. Some may know firewalls, some may know
scanners, some may know exploit scripts, and so forth. However, they all share one
common thing: They know their operating system exceedingly well. The average UNIX
system administrator has probably written his own printer drivers on more than one
occasion. He has also likely taken the source code for various stock utilities and
reworked them to his own particular taste. So this chapter--to be any good at all--has
to be filled with technical information of practical value.</P>
<P>Conversely, there are a lot of readers scouring these pages to learn about basic
UNIX system security. Perhaps they recently installed Linux or FreeBSD because it
was an inexpensive choice for a quick Web server solution. Perhaps they have had
a UNIX box serving as a firewall at their offices--maintained by some outside technician--and
they want to know what it actually does. Or perhaps this class of readers includes
journalists who have no idea about UNIX and their editors have requested that they
learn a little bit.</P>
<P>I considered all these things prior to writing even a single paragraph. What was
the end result? A long chapter. UNIX folks can cut to the chase by breezing through
each section. (There are tidbits here and there where important information appears,
so keep an eye out.) The rest of the folks can read the chapter as an entire block
and learn the following:
<UL>
<LI>What security holes exist
<LI>Where they exist
<LI>Why they exist
<LI>What utilities are available to plug them
</UL>
<P>I hope this chapter will be of value to all. Also, because UNIX security is so
complex, I am sure I have missed much. However, whole volumes are written on UNIX
security and these still sometimes miss information. Therefore, we venture forth
together, doing as best we can under the constraints of this book.
<H2><FONT COLOR="#000077"><B>The UNIX Platform Generally</B></FONT></H2>
<P>The UNIX platform has evolved over the years. Today, it can be defined as a 32-
(or 64-) bit multitasking, multiuser, networked operating system. It has advanced
security features, including discretionary access control, encryption, and authentication.
<H3><FONT COLOR="#000077"><B>Can UNIX Be Secure?</B></FONT></H3>
<P>UNIX can be secure. However, it is not secure in its native state (that is, out
of the box). Out-of-the-box weaknesses exist for every flavor of UNIX, although some
distributions are more insecure than others. Certain versions of IRIX (SGI), for
example, or most early versions of Linux have Class A or B holes. (Those holes allow
outsiders to gain unauthorized access.) These holes are not a terminal problem (no
pun intended); they simply need to be plugged at first installation. That having
been done, these versions of UNIX are not different from most other versions of nonsecure
UNIX.
<H3><FONT COLOR="#000077"><B>What Is "Secure" UNIX?</B></FONT></H3>
<P>What is secure UNIX (or as it is sometimes called, <I>trusted UNIX</I>)? Secure
UNIX is any UNIX platform that has been determined by the National Security Agency (NSA)
to have excellent security controls. These versions must be on the NSA's Evaluated
Product List (EPL). Products on this list have been rigorously tested under various
conditions and are considered safe for use involving semi-sensitive data.</P>
<P>This evaluation process is under the Trusted Product Evaluation Program, which
is conducted on behalf of the National Computer Security Center, and both organizations
are elements of the National Security Agency. These are the people who determine
what products are "safe" for use in secure and semi-secure environments.</P>
<P>The products are rated according to a predefined index. This index has various
levels of "assurance," or <I>classes,</I> of security. As described in
the TPEP FAQ:
<DL>
<DD>A class is the specific collection of requirements in the Trusted Computer System
Evaluation Criteria (TCSEC) to which an evaluated system conforms. There are seven
classes in the TCSEC: A1, B3, B2, B1, C2, C1, and D, in decreasing order of features
and assurances. Thus, a system evaluated at class B3 has more security features and/or
a higher confidence that the security features work as intended than a system evaluated
at class B1. The requirements for a higher class are always a superset of the lower
class. Thus a B2 system meets every C2 functional requirement and has a higher level
of assurance.
</DL>
<BLOCKQUOTE>
<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>"TPEP FAQ: What
Is a Class?" can be found online at <A HREF="http://www.radium.ncsc.mil/tpep/process/faq-sect3.html#Q4"><TT>http://www.radium.ncsc.mil/tpep/process/faq-sect3.html#Q4</TT></A>.
<HR>
</BLOCKQUOTE>
<P>The two UNIX products that are positioned highest on the list (levels B3 and B2,
respectively) are identified in Table 17.1. According to the National Security Agency,
these are the most secure operating systems on the planet.
<H4><FONT COLOR="#000077"><B>Table 17.1. Trusted, secure UNIX products.</B></FONT></H4>
<P>
<TABLE BORDER="1">
<TR ALIGN="LEFT" rowspan="1">
<TD ALIGN="LEFT"><I>Operating System</I></TD>
<TD ALIGN="LEFT"><I>Vendor</I></TD>
<TD ALIGN="LEFT"><I>Class</I></TD>
</TR>
<TR ALIGN="LEFT" rowspan="1">
<TD ALIGN="LEFT">XTS-300 STOP 4.1a*</TD>
<TD ALIGN="LEFT">Wang Federal, Inc.</TD>
<TD ALIGN="LEFT">B3</TD>
</TR>
<TR ALIGN="LEFT" rowspan="1">
<TD ALIGN="LEFT">Trusted XENIX 4.0*</TD>
<TD ALIGN="LEFT">Trusted Information Systems, Inc.</TD>
<TD ALIGN="LEFT">B2</TD>
</TR>
</TABLE>
</P>
<P>*These operating systems have earlier versions that have all been determined to
be in the same category. I have listed only the latest versions of these products.</P>
<P>To examine earlier versions (and their ratings), refer to <A HREF="http://www.radium.ncsc.mil/tpep/epl/epl-by-class.html"><TT>http://www.radium.ncsc.mil/tpep/epl/epl-by-class.html</TT></A>.
Wang Federal's XTS-300/STOP 4.1a is not just an operating system, but an entire package.
It consists of both hardware (Intel 80486 PC/AT, EISA bus system) and software (the
STOP 4.1a operating system). It sports a UNIX-like interface at lower levels of the
system. At higher levels, it utilizes a hierarchical file system. This operating
system has extreme DAC (data access control) and is suitable for sensitive work.
STOP 4.1a has the very highest rating of any operating system. As reported by the
EPL:
<DL>
<DD>Beyond the minimal requirements for a B3 system, the XTS-300 provides a mandatory
integrity policy, an extra subtype policy, and a familiar, UNIX-like en