Chapter 4: Access Control
 | ||
| | ||
| | ||
Overview
Users must use only their own accounts in the system. Adhering to this policy will increase the degree of security that prevents unauthorized access to your files and, if despite all precautions such access takes place, system logs can be used to determine, which account was used for this.
Regular users should be granted limited privileges, sufficient for carrying out only the necessary operations. You should keep the number of users with extended privileges to a minimum, because accounts of this type require special attention and monitoring. Logging into the system using a privileged account from a computer that could not possibly belong to the owner of the account will indicate a potential or actual break-in.
If you fire an employee, you should immediately delete his or her account to prevent any chance of the account being misused by the disgruntled employee for getting back at you for the firing. In fact, you should delete an account of any terminated employee regardless the circumstances, under which he or she was let go.
You must have administrator rights to manage access rights commands. Administrator rights can be obtained by logging into the system as the administrator or by executing the su command. In either case, you have to know the corresponding password. Another command for obtaining administrator privileges is considered in Section 4.16 .
Let's move to the specifics.
- Step 2.1 Use the OpenSSH Tool Suite to Replace Clear-Text Programs
- Step 3.1 Use PuTTY as a Graphical Replacement for telnet and rlogin
- Step 3.4 Use PuTTYs Tools to Transfer Files from the Windows Command Line
- Step 6.2 Using Port Forwarding Within PuTTY to Read Your E-mail Securely
- Appendix - Sample sshd_config File