<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE>Maximum Security -- Ch 17 -- UNIX: The Big Kahuna</TITLE>
</HEAD>
<BODY TEXT="#000000" BGCOLOR="#FFFFFF">
<CENTER>
<H1><IMG SRC="../button/samsnet.gif" WIDTH="171" HEIGHT="66" ALIGN="BOTTOM" BORDER="0"><BR>
<FONT COLOR="#000077">Maximum Security: </FONT></H1>
</CENTER>
<CENTER>
<H2><FONT COLOR="#000077">A Hacker's Guide to Protecting Your Internet Site and Network</FONT></H2>
</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">17</FONT></H1>
</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">UNIX: The Big Kahuna</FONT></H1>
</CENTER>
<P>Some things need to be said about this chapter and the way it was written. As
I sat before my machine, a blank page staring me in the face, I contemplated how
I would structure this chapter. There were shadows looming over me and I want to
discuss them here.</P>
<P>UNIX folks are a breed unto themselves. Some may know firewalls, some may know
scanners, some may know exploit scripts, and so forth. However, they all share one
common thing: They know their operating system exceedingly well. The average UNIX
system administrator has probably written his own printer drivers on more than one
occasion. He has also likely taken the source code for various stock utilities and
reworked them to his own particular taste. So this chapter--to be any good at all--has
to be filled with technical information of practical value.</P>
<P>Conversely, there are a lot of readers scouring these pages to learn about basic
UNIX system security. Perhaps they recently installed Linux or FreeBSD because it
was an inexpensive choice for a quick Web server solution. Perhaps they have had
a UNIX box serving as a firewall at their offices--maintained by some outside technician--and
they want to know what it actually does. Or perhaps this class of readers includes
journalists who have no idea about UNIX and their editors have requested that they
learn a little bit.</P>
<P>I considered all these things prior to writing even a single paragraph. What was
the end result? A long chapter. UNIX folks can cut to the chase by breezing through
each section. (There are tidbits here and there where important information appears,
so keep an eye out.) The rest of the folks can read the chapter as an entire block
and learn the following:
<UL>
<LI>What security holes exist
<LI>Where they exist
<LI>Why they exist
<LI>What utilities are available to plug them
</UL>
<P>I hope this chapter will be of value to all. Also, because UNIX security is so
complex, I am sure I have missed much. However, whole volumes are written on UNIX
security and these still sometimes miss information. Therefore, we venture forth
together, doing as best we can under the constraints of this book.
<H2><FONT COLOR="#000077"><B>The UNIX Platform Generally</B></FONT></H2>
<P>The UNIX platform has evolved over the years. Today, it can be defined as a 32-
(or 64-) bit multitasking, multiuser, networked operating system. It has advanced
security features, including discretionary access control, encryption, and authentication.
<H3><FONT COLOR="#000077"><B>Can UNIX Be Secure?</B></FONT></H3>
<P>UNIX can be secure. However, it is not secure in its native state (that is, out
of the box). Out-of-the-box weaknesses exist for every flavor of UNIX, although some
distributions are more insecure than others. Certain versions of IRIX (SGI), for
example, or most early versions of Linux have Class A or B holes. (Those holes allow
outsiders to gain unauthorized access.) These holes are not a terminal problem (no
pun intended); they simply need to be plugged at first installation. That having
been done, these versions of UNIX are not different from most other versions of nonsecure
UNIX.
<H3><FONT COLOR="#000077"><B>What Is "Secure" UNIX?</B></FONT></H3>
<P>What is secure UNIX (or as it is sometimes called, <I>trusted UNIX</I>)? Secure
UNIX is any UNIX platform that has been determined by the National Security Agency (NSA)
to have excellent security controls. These versions must be on the NSA's Evaluated
Product List (EPL). Products on this list have been rigorously tested under various
conditions and are considered safe for use involving semi-sensitive data.</P>
<P>This evaluation process is under the Trusted Product Evaluation Program, which
is conducted on behalf of the National Computer Security Center, and both organizations
are elements of the National Security Agency. These are the people who determine
what products are "safe" for use in secure and semi-secure environments.</P>
<P>The products are rated according to a predefined index. This index has various
levels of "assurance," or <I>classes,</I> of security. As described in
the TPEP FAQ:
<DL>
<DD>A class is the specific collection of requirements in the Trusted Computer System
Evaluation Criteria (TCSEC) to which an evaluated system conforms. There are seven
classes in the TCSEC: A1, B3, B2, B1, C2, C1, and D, in decreasing order of features
and assurances. Thus, a system evaluated at class B3 has more security features and/or
a higher confidence that the security features work as intended than a system evaluated
at class B1. The requirements for a higher class are always a superset of the lower
class. Thus a B2 system meets every C2 functional requirement and has a higher level
of assurance.
</DL>
<BLOCKQUOTE>
<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>"TPEP FAQ: What
Is a Class?" can be found online at <A HREF="http://www.radium.ncsc.mil/tpep/process/faq-sect3.html#Q4"><TT>http://www.radium.ncsc.mil/tpep/process/faq-sect3.html#Q4</TT></A>.
<HR>
</BLOCKQUOTE>
<P>The two UNIX products that are positioned highest on the list (levels B3 and B2,
respectively) are identified in Table 17.1. According to the National Security Agency,
these are the most secure operating systems on the planet.
<H4><FONT COLOR="#000077"><B>Table 17.1. Trusted, secure UNIX products.</B></FONT></H4>
<P>
<TABLE BORDER="1">
<TR ALIGN="LEFT" rowspan="1">
<TD ALIGN="LEFT"><I>Operating System</I></TD>
<TD ALIGN="LEFT"><I>Vendor</I></TD>
<TD ALIGN="LEFT"><I>Class</I></TD>
</TR>
<TR ALIGN="LEFT" rowspan="1">
<TD ALIGN="LEFT">XTS-300 STOP 4.1a*</TD>
<TD ALIGN="LEFT">Wang Federal, Inc.</TD>
<TD ALIGN="LEFT">B3</TD>
</TR>
<TR ALIGN="LEFT" rowspan="1">
<TD ALIGN="LEFT">Trusted XENIX 4.0*</TD>
<TD ALIGN="LEFT">Trusted Information Systems, Inc.</TD>
<TD ALIGN="LEFT">B2</TD>
</TR>
</TABLE>
</P>
<P>*These operating systems have earlier versions that have all been determined to
be in the same category. I have listed only the latest versions of these products.</P>
<P>To examine earlier versions (and their ratings), refer to <A HREF="http://www.radium.ncsc.mil/tpep/epl/epl-by-class.html"><TT>http://www.radium.ncsc.mil/tpep/epl/epl-by-class.html</TT></A>.
Wang Federal's XTS-300/STOP 4.1a is not just an operating system, but an entire package.
It consists of both hardware (Intel 80486 PC/AT, EISA bus system) and software (the
STOP 4.1a operating system). It sports a UNIX-like interface at lower levels of the
system. At higher levels, it utilizes a hierarchical file system. This operating
system has extreme DAC (data access control) and is suitable for sensitive work.
STOP 4.1a has the very highest rating of any operating system. As reported by the
EPL:
<DL>
<DD>Beyond the minimal requirements for a B3 system, the XTS-300 provides a mandatory
integrity policy, an extra subtype policy, and a familiar, UNIX-like en